"KEF IDTPl628 5 6 



I 



■i 




Declassified and approved for release by NS A on 12-17-2013 pursuant to E.O. 13523 



TECHNICAL 

JOURNAL! 

i! 



VOL. VI WINTER 1961 NO. 1 

Page 

Remarks at the Dedication of von Neumann Hall 1 

The Association Factor in Information Retrieval 

H. Edmund Stiles 7 

Introduction to Cryptology — IV 

William F. Friedman 26 

Pattern Recognition 

Walter W. Jacobs 77 



CONF I DENT I AL 



Mil 



CONr i DCNT l A b 



THE NSA TECHNICAL JOURNAL 

EDITORIAL POLICY BOARD 

S. KULLBACK, Chairman 

WILLIAM A. BLANKINSHIP ARTHUR F. MATHISEN, Sec. Advisor 
LAMBROS D. CALLIMAHOS IGNATIUS G. MATTINGLY, Exec. Sec’y 
HOWARD H. CAMPAIGNE HAROLD J. STUKEY 

DANIEL M. DRIBIN COL. M. J. BARTOSIK 

PAUL F. FRIEDMANN WILLIAM D. WRAY 



EDITORIAL STAFF 

Executive Editor 
PAUL F. FRIEDMANN 

Panel of Editors 

LAMBROS D. CALLIMAHOS, Chairman 

JOSEPH BLUM LOWELL K. FRAZER 

GEORGE L. CHESNUT FRANK W. LEWIS 

MORTON KUPPERMAN CHARLES W. RECHENBACH 

EDWIN C. FISHEL C. RUSSELL SUMMERS 



NOTICE: This material contains information affecting the National Defense of 
the United States within the meaning of the Espionage Laws, Title 18, U. S. C., 
Sections 793 and 794, the transmission or the revelation of which in any manner 
to an unauthorized person is prohibited by law. 



The NSA Technical Journal is published four times a year under the direction 
of the NSA Technical Journal Editorial Policy Board. Telephone: OUTSIDE: 
7249, SECURE: 3057. Any cleared and indoctrinated person may be permitted 
access to the Journal by a regular receiver of the Journal, or by the Library. 
Copies of the Journal which are no longer required may be destroyed, and the 
accompanying certificate of destruction filled out and returned to the Office of 
Administrative Services. 

NSAL — S-129,098 

Use of funds for printing this publication approved by the Director of the 
Bureau of the Budget, 20 January 1960. 

CONFIDENTIAL - 





REF ID:A62856 



COHr i DCNT I AL - 

Extending the Challenge 

We and our customers are continually involved in evaluating the 
two most significant aspects of COMSEC systems — security and 
logistics. Singly or in combination they present a fascinating chal- 
lenge for devising the means to facilitate reaching rational decisions 
which provide the best over -all balance. Despite our efforts there is 
still no formula, no clear-cut criteria for weighing the associated 
variables. The implications of a wrong “guess” are shattering in 
terms of impact on our national security. Dozens of parallel 
examples could be cited for SIGINT. 

While the activities of the Agency continue to mushroom in 
complexity, it is important that our approaches to problems keep pace. 

There is within our grasp the essence of a solution. It is no accident 
that we have engaged in some operations research, applying our 
“cryptologic” talents in statistics, mathematics, and engineering to 
what are actually “management” problems. The very fact that our 
in-house scientific skills can be blended to analyze a “cryptologic- 
management” question holds promise of possibilities and hope. 

The cryptologist-manager of tomorrow must acquire system and 
discipline needed for sound planning; but he has not yet learned how 
to judge problems in all the necessary dimensions, to establish a 
balance, and to decide things not on intuition alone, but on a sounder 
more scientific base. 

What we lack is a way to treat with assurance typical situations 
which require that the solution to the “flap” be melded with the needs 
of the future; that our capabilities project the demands of our 
customers; and that individual readjustments not threaten the Agency 
as a whole or any of its missions. This will be possible only through 
the use of a logical structure which provides definitions, specifications, 
measurements, and a common communications medium. 

We are lucky that cryptology and management are both infants as 
professions and as sciences. There may be likenesses in their in- 
dividual, general methodologies, some possibility of a harmonizing 
logic. A common, symbolic, cryptologic language is beginning to 
emerge. The stimulating analogy is that the management language 
is headed toward a similar integrated and synthesized structure! 
Further, it could become complicated by moral and social considera- 
tions. 



Guest Editor for this issue is Mr. Paul E. Neff, Assistant Director NSA for 
Communications Security. 




1 



CONFIDENTIAL - 



- COHriDCNTIAT 



REF ID : A62856 






The cryptologic skills, problems, and needs we have today offer a 
fabulous opportimity to experiment more fully in the management 
area; and the possibilities fire the imagination. 



I 



f 



CORRECTION 

In the July-October 1960 issue of The Journal, Dr. A. Sinkov was 
erroneously referred to as Assistant Director of PROD, NSA. 
Dr. Sinkov’s correct title is Deputy Director, PROD, National 
Security Agency. 




n 



REF ID:A62856 

UNCLASSIFIED 

Remarks at the Dedication of 
John von Neumann Hall 

Unclassified 

A new building to house the NSA Research Institute was dedicated on 
October 22, 1960 at Princeton University. The major dedication ad- 
dresses were delivered by Dr. James R. Killian, Jr., Chairman of the 
Board, Massachusetts Institute of Technology, and Dr. Robert Francis 
Goheen, President of Princeton. The addresses are reproduced here with 
introductory remarks by Dr. Howard H. Campaigne, Chief, Office of Re- 
search, NSA. 

The Institute for Defense Analyses (IDA) is a non-profit organiza- 
tion which was founded in 1956 by five of the leading research insti- 
tutions in our country: Massachusetts Institute of Technology, 
Tulane University, California Institute of Technology, Case Institute 
of Technology and Stanford University. It has one broad purpose — 
to carry out research on problems referred to it by the Defense 
establishment. 

Two years later, the Baker Committee proposed that a separate 
research facility be established, preferably in an atmosphere condu- 
cive to intellectual endeavor. The NSA Scientific Advisory Board, 
of which Professor von Neumann of Princeton was a member, strongly 
endorsed the concept. The recommendation was taken to the White 
House. 

President Eisenhower approved the establishment of an activity to 
perform independent cryptologic research in February of 1958 and 
the search for a suitable location was underway. Among the groups 
approached were Syracuse University (with the possible help of 
General Electric), The Rand Corporation, IBM (with Stanford 
University), Harvard University, Princeton University and, of course 
IDA. 

IDA undertook the project. It immediately set up a new division, 
the NSA Research Institute (also known as Focus), to do the work 
and entered into a contract with Princeton for a new building to house 
the effort. It is the dedication of this building which was the occa- 
sion of the following speeches. 

Dr. J. R. Killian, Jr. . . 

I speak in behalf of President Norton, the trustees and staff of the 
Institute for Defense Analyses in expressing appreciation and satis- 




1 



UNCLASSIFIED 



i 



REF ID : A62856 

UNCLASSIFIED von neumann hall dedication 

faction in the splendid opportunities and facilities provided by 
Princeton University for the work of the Institute’s Communications 
Research Division. We are especially proud and grateful that the 
University has made it possible to have this fine new building avail- 
able for the Institute’s communications research program and that it 
has been possible for us to join with the University in making this 
building a memorial to Dr. John von Neumann. Because of his great 
accomplishments as a mathematician and his remarkable contribu- 
tions to the public service of his adopted country, it seems happily 
appropriate that this building have the distinction of his name. 

From the standpoint of the Institute for Defense Analyses, this 
whole enterprise here in Princeton has been a happy undertaking. 
The arrangements entered into with the University for bringing the 
building into being have worked well. We have welcomed, too, the 
opportunity to join with Princeton in planning for the design and use 
of the computer, one of the facilities housed in the building. We are 
glad that the University community has access to this fast and ver- 
satile computer and that other parts of the program managed by 
IDA here have been so arranged as to permit a fruitful relationship 
between the Communications Division and the scholarly community. 
This is possible because a part of the work of IDA’s Communica- 
tions Division is in fundamental areas of mathematics and associated 
communications sciences, which are suited to university participation. 
I speak for President Norton and Dr. Rosser and their associates in 
expressing our appreciation to the University and the University 
community for their very great contribution in working out these 
collaborative arrangements. 

IDA has another reason for being happy with the choice of 
Princeton’s hospitality: I refer to the exceptional resources in mathe- 
matics, perhaps unexcelled in the world, which are concentrated here 
in the University and in the Princeton community. Altogether we 
feel the auspices to be particularly benign for our undertakings here. 

Woodrow Wilson once observed that “Government is not a ma- 
chine, but a living thing. It falls, not under the theory of the uni- 
verse, but under the organic life. It is accountable to Darwin, not 
to Newton.” The Institute for Defense Analyses represents a small 
organic extension of Government — a mutation which provides new 
opportunities for our Government to draw upon the resources of the 
nation’s academic and scientific communities in a way accountable 
both to Newton and to Darwin and that is beneficial to these com- 
munities as well as to the Federal Government. Since the war we 
have seen many ingenious methods devised in the area of what Don 
Price has called “federalism by contract” which have served to make 
available to national policy making and the national Government 




I 



UNCLASSIFIED 



2 



REF ID:A62856 



VON NEUMANN HALL DEDICATION UNCLASSIFIED 

advisory services otherwise not easily accessible. This enterprise 
here in Princeton represents one of these novel and, we venture to 
hope, mutually beneficial arrangements which brings a new element 
of strength to our national life. 

President Goheen, we are happy and privileged to be in this uni- 
versity community and to have the cooperation of your institution 
and your colleagues. 

Dr. Robert F. Goheen . . . 

Our gathering this morning, widespread though we are in the 
institutions we represent and diverse perhaps in our interests, brings 
us together to pay honor in common to the memory and influence of 
a rare individual. 

Three decades ago John von Neumann, at the age of 26, accepted 
Princeton University’s invitation to join its faculty as professor of 
mathematical physics. A very few years later (1933), when the 
Institute of Advanced Study was brought into being, he was appointed 
one of its founding professors. Thereafter, whether here in Princeton 
or commuting to Los Alamos or Santa Monica, or serving with scien- 
tific commissions, or temporarily making his home in Washington, 
Professor von Neumann considered himself a Princetonian and loved 
the ways of life that are the hallmarks of this academic community. 

All of us here are deeply aware of Professor von Neumann’s scien- 
tific legacy, of his salient contributions to man’s knowledge, of his 
devotion to the principles by which free men live. We who are 
Princetonians recall with especial pride the honors that rightfully 
came to him: The medal for Merit in 1947; the Medal of Freedom in 
1956; and the Enrico Fermi Award, — the citation attending the last 
rightly stressed that he more than anyone else foresaw the important 
and necessary role which high-speed computing machines would play, 
not only in the control and use of atomic energy but also in the 
general advancement of the sciences. 

The vital influence he exerted in all that he did was expressed 
wonderfully well in the dismal February of 1957 by one of his close 
friends and associates who is with us today, Dr. Robert Oppenheimer: 

“To his many friends, his students, his colleagues, John von Neumann 
was the highest and liveliest intelligence they were ever to encounter. 

A mathematician of immense scope and power, he contributed to many 
fields of learning and created others. He was a masterful abstract 
analyst, with an unparalleled sense for practical invention, so that he 
enriched learning and practice equally. His sober and often melan- 
choly realism was tempered by great warmth and generosity. We 
know no one like him.” 




3 



UNCLASSIFIED 



REF ID : A62856 



■J 



UNCLASSIFIED von neumann hall dedication 

Recollections of this outstanding man of science, who could recite 
Faust from memory and whose outreach was immense, have become 
a kind of living legend in our community. For myself, I especially 
enjoy an anecdote which I first got from a colleague but later saw 
repeated in a published tribute. 

One evening at the von Neumanns’ Westcott Road home, so the 
story goes, Professor von Neumann and an eminent Byzantinist were 
discussing a little-explored corner of history and came to argument 
over a date. The historian said it was this? von Neumann insisted it 
was that. Eventually, as scholars should, they looked it up, and von 
Neumann was right. Some time later, when again invited to the 
von Neumann house, the historian is said to have said: “I’ll come if 
Johnny promises not to discuss Byzantine history. Everybody 
thinks I am the world’s greatest expert in it, and I want them to keep 
on thinking so”. 

It was fifteen years ago that this warm, many-sided individual, 
anticipated the creation of an organization to serve purposes such as 
The Institute for Defense Analyses now serves. In a memorandum 
dated September 5, 1945 — in which he was analyzing the one high- 
precision electronic machine then approaching completion — he wrote: 

“There are many important problems in hydrodynamics, aerody- 
namics, celestial mechanics, and in various other fields, which are 
practically inaccessible to the present methods of abstract mathematical 
analysis, and for which the capacity of human computing machines, or 
of existing, non-electronic computing machines, is absolutely inade- 
quate. These problems can only be dealt with by machines which 
possess intrinsic speeds that can only be reached by electronic proce- 
dures. Such speeds render any intelligent human intervention, while 
the machine is working, impossible, and therefore they necessitate a 
complete automation of the device.” 

He went on to suggest that the construction and operation of an “all- 
purpose machine” should be undertaken immediately by a purely 
scientific organization, as opposed to existing governmental or indus- 
trial agencies. He emphasized the desirability of planning “without 
any inhibitions,” for free operation governed principally by scientific 
considerations. 

So also, writing three days after the Japanese surrender, Professor 
von Neumann urged that “the Government needs the help of a scien- 
tific institution” for these purposes, and he foresaw the creation of 
some future, central postwar research agency that might well be 
economically self-supporting. Again he cautioned that its inde- 
pendence and ability to exert a directing influence on future develop- 
ments were matters of vital concern. 

This morning — an even decade and a half after Professor von 
Neumann, peering into the future, suggested this kind of charter for 





i 



UNCLASSIFIED 



4 



REF ID : A62856 



VON NEUMANN HALL DEDICATION UNCLASSIFIED 

what is now the Institute for Defense Analyses — we sit, as it were, 
before the translation into reality of some significant part of his 
vision. And I find myself greatly moved by the devotion and respect 
which are apparent in this gathering — devotion and respect for the 
man whose memory we honor, devotion and respect for those qualities 
of mind and character which he displayed in his all too short lifetime, 
and of which the Institute for Defense Analyses, with its demonstrated 
achievements and its rich promise for the future, is such an appro- 
priate expression. 




5 



UNCLASSIFIED 



REF ID : A62856 



UNCLASSIFIED 



Pattern Recognition 

BY WALTER W. JACOBS 
Unclassified 

The broad class of pattern recognition problems is considered, and the 
example of handwritten signatures is used to elucidate the general prob- 
lem. A model is presented which shows the relation of pattern recogni- 
tion to communications, and the structure of recognition procedures is 
discussed. 

Human sensory perception seems to involve pattern recognition in 
a fundamental way. When we examine the physiological processes 
involved in the perception of shapes and colors, sounds, textures, and 
so on, we find that in these processes there are large numbers of re- 
ceptor elements affected by any stimulus. Starting with the ar- 
rangement of the affected elements, the brain arrives at an appropri- 
ate image, although we have little knowledge of how this is accom- 
plished. 

Webster's New International Dictionary defines pattern as “ ... an 
arrangement of parts, elements or details that suggests a design or 
orderly distribution.” A definition that is closer to our requirements 
is: a design or orderly structure that underlies an arrangement of 
parts, elements or details. To recognize a pattern is to detect or 
identify the structure associated with the particular arrangement or 
occurrence. 

The term “pattern recognition” is sometimes restricted to refer to 
the identification of shapes. We are using it in a broader sense, to 
include, for example, speech recognition and even such other prob- 
lems as identifying a piece of music, a poem, a face or a voice. 

In speeding up the processing of information, the mechanical rec- 
ognition of patterns is becoming increasingly necessary. Various 
forms of this problem are being worked on. In order to provide a 
firmer foundation for such work, a model of the general recognition 
problem is presented here; this model is explicit enough to provide a 
formulation for mechanical recognition, and at the same time it ap- 
pears broad enough to encompass human recognition. 

The principal aim of such a model is to indicate the conditions 
j that should be satisfied if a successful recognition procedure is to be 

achieved. Thus it provides a basis for evaluating partial attacks on 
the problem. 



7 



UNCLASSIFIED 



UNCLASSIFIED 



PATTERN RECOGNITION 



THE PROBLEM OF SIGNATURE RECOGNITION 

The exposition will be organized around a specific example — the 
mechanical recognition of a handwritten name. The example has 
been chosen because of its concrete nature, and because it is ex- 
tremely familiar to everyone. 

In recognizing a signature, we may be trying to answer one of a 
number of possible questions. What is the name of the signer? 
Does the signature correspond to the standard for a checking ac- 
count in a particular bank? Is it a valid or a forged signature? 
Each of these questions gives rise to a different recognition problem, 
and it should be clear that the corresponding procedures need have 
little or nothing in common. It is necessary to be very explicit 
about the problem to be solved in order to avoid tackling too much 
or accomplishing too little. 

The discussion will deal with the first of these questions: identify- 
ing the name. It is assumed that the only information available for 
the problem consists of two lists, one containing 250 first names, and 
the other 4,000 surnames. (We suppose, to eliminate a complication 
that would add nothing to the exposition, that there is no middle 
initial.) No standard signature, such as would exist in the bank 
problem, is provided. 

The objective in discussing this problem is to illustrate and illum- 
inate the general situation. For present purposes, it is of little con- 
cern whether this form of the problem is of practical interest, or 
whether the approach to be described is feasible. 

THE COMMUNICATION MODEL OF PATTERN RECOGNITION 

Our model is based on an analogy between the usual communica- 
tion situation and the pattern recognition problem. In communica- 
tion, we deal with messages, sent and received. The original mes- 
sage is converted to a signal or other physical form and is transmit- 
ted along some communication channel. The channel is in general 
“noisy”, and the signal is distorted or modified. It is then received 
and recorded, further degradation of the signal occurring in the proc- 
ess, and the resulting record is used to obtain information about the 
original message. By interpreting “message”, “signal” and “record” 
in a somewhat more general sense, we can identify these same ele- 
ments in pattern recognition. 

In communications, the origination and transmission of the mes- 
sage are usually intentional; in pattern recognition, however, this is 
too restrictive. The criminal who leaves his fingerprints at the 
scene of his crime is unwittingly sending a message to the detective. 
To the latter, the identity of the criminal corresponds to the pattern 
underlying the fingerprints. 



UNCLASSIFIED 



8 



REF ID : A62856 



i 

i 

i 

4 



|j 

I 



f 



w. w. Jacobs UNCLASSIFIED 

Similarly, in the signature problem, the individual writing his name 
is originating a message. The light reflected by the signature plays 
the role of the signal, and the receiving element may be the retina of 
the eye or the photosensitive component of a mechanical scanning 
device. In the form of the problem being discussed, the name is the 
desired pattern. 

These two examples illustrate what is meant by “pattern” in 
general. A particular pattern, such as the, name “John Smith”, can 
be represented by many different messages; not only can the signer 
vary the size and form of his signature, but also there may be dif- 
ferent people writing the name. However, in the situation being dis- 
cussed, all possible signatures fall into (250) (4,000) + 1 = 1,000,001 
different classes, corresponding to the possible pairs of names on the 
given lists or to the additional case — the “null pattern” — when one 
or both names are not listed (or perhaps what is being examined is 
not even a signature). 

Because handwriting is often bad, and because “noise” further ob- 
scures what is written, no recognition procedure can be uniformly 
successful in assigning a record to its pattern. It takes only a smudge 
to make “Jean” practically indistinguishable from “Joan”, or “South” 
from “Smith”. What the procedure can do is divide up the set of 
possible records into classes or categories, each class corresponding 
to a single pattern. For example, one such class would contain 
every record which is assigned to “John Smith”. This dividing up 
should be done so as to minimize the effect of incorrect recognition. 1 

Some writers have used this dividing up of the set of records into 
classes as the basis for a definition of pattern. It becomes “that 
property which all the records of a single class have in common.” 
The definition is unsatisfactory, and involves a confusion between 
the recognition procedure, on the one hand, and the success with 
which a given mechanism achieves the intended assignment of rec- 
ords to classes, on the other. This becomes clearer when it is 
realized that the definition excludes any notion of pattern structure, a 
term which encompasses all the knowledge about the patterns which 
is not present in the totality of records. As the example will show, 
it is this external knowledge on which a recognition procedure is 
based. 

MESSAGE, SIGNAL AND RECORD 

To look at a communication situation and to specify the place 
where the message is in existence and entering the transmission proc- 

1 Procedures which allow for more categories of records than there are pat- 
terns may be required if, under appropriate conditions, an indecisive outcome is 
desirable. This involves additional considerations, and is not discussed further, 
although the present treatment can readily be modified to handle it. 




9 



UNCLASSIFIED 



REF ID:A62856 
UNCLASSIFIED PATTERN RECOGNITION 




UNCLASSIFIED 



10 







UNCLASSIFIED 









liHSiiisssn! 



;:w: 









um::l 



sbwhhsbbhhhhbu 

sisnsni 

;hb| 

si sJm 



m 

BSP' MnunJHHBBBBi 



mm: 




Figure 2 Scanned Record “ 

This indicates the type ol recard which might he produced by an optical scanning mechanism. The 
field an which the signature appears would be considered as made up of small squares.. In the output ; 
of the scanner the corresponding square would be considered "black” if the inked area of the field squared 
exceeded a specified threshold, and would be considered “white” if it did not. 






REF ID:A62856 



UNCLASSIFIED pattern recognition 

ess, often calls for an arbitrary choice. One may say that trans- 
mission commences with the conversion of a written message to 
electrical form; it is just as reasonable to say that it begins with the 
conversion of a mental message to verbal or written form. 

The same kind of choice arises in recognition situations, and one 
can be somewhat free in specifying the point at which the message 
exists and the dynamic process which constitutes the signal has 
begun. The signal intervenes physically between the originator and 
the recipient, and the form of signal available to the latter depends 
on his relative location and other conditions. In the class of recog- 
nition problems represented by a given procedure, it is useful to 
think of reception conditions as relatively fixed. 

In the example of the handwritten name, the usual physical effect 
will be a piece of paper or cardboard containing the writing. This 
may be called the “static” signature (Fig. la), and this is the kind of 
signal which will be considered in the discussion here. If the condi- 
tions of the problem permitted us to observe the act of signing, then 
the signal would more properly be regarded as the timed succession 
of pen positions, as indicated in Fig. lb. The two problems are evi- 
dently different, although the same pattern is to be recognized. A 
recognition procedure based on the second type of signal could make 
use of knowledge (about the succession and direction of strokes, for 
example) which is not directly available with the static signature. 2 

Before a recognition procedure can be applied to the signal, it 
must first be received and transcribed. The resulting record is the 
input to the procedure, and summarizes all of the information that 
applies to the particular occurrence of the problem. Information 
about the pattern structure — such knowledge as the fact that names 
are produced by continuously-drawn strokes, and that they consist 
of letters in pronounceable combinations — is not present in the rec- 
ord, but is collateral to it. 

Figure 2 shows a record of the signature such as might result from 
scanning the signal with a facsimile device. The form of the record 
is chosen by the recognizer, within the limitations imposed on him by 
his access to the signal and the technical devices available to him. 
The signal itself is a physical phenomenon which he cannot control. 

2 After the present paper was written, the author was shown an unpublished 
manuscript, “Machine Reading of Handwriting”, by L. S. Frishkopf and L. D. 
Harmon of Bell Telephone Laboratories, which discussed a proposed machine 
procedure for recognizing handwritten material from the time plot of its x and 
y coordinates. The approach is an excellent illustration of the general class of 
procedures described here. 

UNCLASSIFIED 12 



t 



REF ID : A62856 



it 



1 



4 



i 



w. w. Jacobs UNCLASSIFIED 

VARIATION, NOISE AND PROBABILITY CONSIDERATIONS 

An individual will produce many versions of his signature, reflect- 
ing such sources of variation as space available, muscular control, 
and so on. With upwards of 100,000,000 Americans who can write, 
producing dozens of possible signatures each, the number of different 
messages in our problem is in the billions. These are grouped, by 
the task set, into 1,000,001 patterns. The differences among the 
messages in a pattern class constitute the variation. 

When John Smith undertakes to produce an instance of his signa- 
ture, a particular message in the pattern corresponding to his name 
is originated. However, the actual signal is not uniquely determined 
by that message because of noise. The table on which he is writing 
may shake, the ink may blot or smudge, and dirt or moisture may 
further alter the written form of the signature before it reaches the 
recognition process. 

The act of producing the record itself will introduce more noise to 
obscure the information present. The effect which results from the 
discrete field of the scanner is graphically shown in Fig. 2; however, 
noise is inevitable in any device, whether it operates discretely or 
continuously. 

Because of the intervention of variation and noise, it cannot be 
assumed that every record can be unambiguously assigned to one and 
only one pattern. As has already been pointed out, we frequently 
encounter cases where even the human recognition procedure fails to 
obtain a decisive answer. Our model assumes that every pattern 
gives rise to a definite probability distribution over the set of possible 
records. 3 

The recognition procedure must take account of the probability 
distributions for the various patterns. Often these will not be given 
a priori, but must be estimated on the basis of samples of records for 
which the corresponding patterns are known. 

The general recognition problem, in terms of the model which has 
been presented, is therefore seen to fall into the well-known category 
of statistical problems in which we have a single sample drawn from 
one of a finite set of populations, and wish to “estimate” the popula- 
tion from which it originated. There are, therefore, two distinct 
aspects to any recognition procedure: one concerned with the statis- 
tical decision that must be made, and the other involved with the 
means of transcribing the original signal and of physically carrying 
out on the resulting record the statistical calculations that are nec- 
essary. 



3 As discussed in the Appendix, this assumption appears to be necessary in 
order that the recognition problem be well-defined. 

13 UNCLASSIFIED 







REF ID : A62856 



UNCLASSIFIED pattern recognition 

THE STRUCTURE OF THE RECOGNITION PROCEDURE 

When there are many patterns, or when there is a considerable 
amount of variation within the individual patterns — in other words, 
whenever the number of possible messages is very large — the statis- 
tical rules that would assign each record to its appropriate pattern 
are too complex to carry out in a single step. In this case, the 
recognition procedure is more appropriately considered as a series of 
operations. 

There are four well-marked functions or aspects in recognition, 
and we call them Representation, Extraction, Classification, and 
Integration. They are indicated in the flow-chart of Fig. 3. These 
aspects appear to be necessary in any non-trivial problem, and one 
can use them to appraise the extent of progress that is made in any 
practical proposal for a mechanical recognition device. 

If the published material on character recognition and other prob- 
lems is evaluated on this basis, in most cases it appears that only a 
part (and often the easier part) of the recognition procedure has 
actually been attacked. Only where variation and noise can be rig- 
idly controlled — as in examples of character recognition where the 
method of printing is precisely specified — has much headway been 
made, and even in these relatively simpler problems the procedures 
described appear to contain some serious gaps. 

The four aspects are discussed in turn in what follows. The logi- 
cal flow-chart of Fig. 3 is not intended to indicate a corresponding 
physical separation of function in an actual device; it is quite pos- 
sible that in a particular procedure a single mechanism could effec- 
tively combine two or more functions. 

REPRESENTATION 

The determination of the method of recording the signal consti- 
tutes the first aspect of the recognition procedure. This step is 
called representation, and it may also be thought of as selecting the 
form of the record. 

This same first stage exists in human recognition. The percep- 
tion of a shape, for example, commences with the stimulation of 
certain of the discrete array of receptor cells in the retina of the eye. 

We have already seen that representation introduces noise. The 
signal-to-noise ratio may be increased within limits by increasing the 
faithfulness of the recorder. In Fig. 2, if the field being scanned 
were divided into a larger number of cells, the record would more 
closely approximate the signature. 

It is possible to incorporate a noise “filter” or “suppressor” into 
a recording device, but this merely combines with the representation 
stage a function that properly should be considered part of a later 



UNCLASSIFIED 



14 




\ 



I 

t 



REF ID : A62856 



W. W. JACOBS 



UNCLASSIFIED 




Figure 3 

Structure of the General Recognition 
Procedure 

This flow-chart indicates the functional nature of 
the recognition procedure rather than the organization 
of physical components of a recognition device. The 
rectangles represent aspects or functions of the pro- 
cedure, the circles inputs and outputs. The dashed 
line suggests the iterative or sequential approach which 
is described. 





15 



UNCLASSIFIED 







REF ID : A62856 



UNCLASSIFIED pattern recognition 

section of the recognition procedure. Paradoxically, the recognition 
procedure can sometimes be simplified by using an extremely coarse 
scan, thereby passing up much of the information available in the 
effect. Here again the representation stage is being combined with 
later parts of the recognition procedure. 

It is useful to discuss the informational aspect of the problem 
somewhat further. Because 1,000,001 is approximately 2 20 , a signa- 
ture which has been correctly assigned to its pattern — i. e., has had 
its name identified — has contributed about 20 bits of information 
relevant to the name identification. It contains far more informa- 
tion than this, some of which would be relevant to other problems. 
The use of pattern structure and its implied redundancy makes it 
possible to discard much of the additional information. However, 
the function of discarding information should be kept conceptually 
distinct from the function of representing it, even though a single 
physical device may simultaneously perform both functions. 

EXTRACTION 

The remainder of the recognition procedure operates on the record 
as input, and yields an estimate of the underlying pattern. While it 
is theoretically valid to consider this estimate as a statistic calculated 
from the record by a single mathematical operation, in practice it is 
often important to break down the process. 

The estimation of the pattern from the record begins with a func- 
tion that may be called extraction. We will first consider what this 
involves, and then indicate some of the difficulties associated with 
carrying it out. Extraction consists of selecting a part of the rec- 
ord, or segment, in such a way as to reduce or eliminate the effect of 
a source of variation in the original set of messages. There are two 
distinct ways in which this can take place. The segment may corre- 
spond to a group of patterns so chosen that some variation is can- 
celled out; such a group is called a subpattern. For example, if all 
patterns are grouped according to the first name, and the segment 
includes only the corresponding part of the record, then the subpat- 
tems are the first names. In this partial problem there is much less 
variation than in the full problem involving a single complete pat- 
tern. The reduction is much greater if the segment includes only 
that part of the record corresponding to the initial letter. 

The second type of extraction aims at counteracting variation 
within the pattern classes by selecting parts of the record that cor- 
respond to some standard or canonical feature of the entire class. 
Adjustments for variations in size, registration or orientation of the 
record are of this type. 

UNCLASSIFIED 16 




UNCLASSIFIED 



1111 
11 i 
i i 

i ii 
i i 
i ii 
1111 

ii i 

ii 1111 
ii 11111 



i iiii i 



i 

1 1 
iii 
1111 
1111 

liiiiii/n ii 
11111 /mu /in ii 
1111 / mi (liiini 

i i / n iii iii i 



lii ini ii in ii ii 



i i 
iii 
iii 
iii 

i i 
i i 





1 1 




111 


1 1 


111 


111 


111 


1 1 


1 1 


1 1 / 


1 



ii ii 
i ii 
l i 
1111 
1111 



/ 1 y / 1 

/ i i ii li/ii Ah 
ii ii ii 11/11 yi iii 
liiiimiiiiii \ \ 1111 
i limiiiiii i|i ii i 

ii i ii ii ii iii i 



Figure 4 Record Matrix With Letter Separations Indicated 
The black squares of the record of Figure 2 ore here represented by "1", and the white squares are 
represented by a blank space. The lines in the figure divide up the l's into groups which correspond 
approximately to the individual letters of the name. 



REF ID : A62856 



ji 

UNCLASSIFIED pattern recognition 

The term “segmentation” is frequently used for the first type of 
extraction. However, it seems desirable to replace this term, both 
because it does not fit the second type, and because it seems to imply 
that the entire record is divided up into segments at one stroke; this 
latter restriction is unnecessary. 

Extraction is often a troublesome stage, especially if it is done in 
the form of complete segmentation. Some of the reasons for this 
are exemplified in Fig. 4, which shows the record of Fig. 2 (expressed 
as a matrix of 0’s and l’s with the 0’s suppressed for clarity). 

In the figure, the approximate segmentation into letters is indi- 
cated by lines. 4 But the matrix, although set out in a rectangle, 
will as a practical matter be read linearly, and most probably either 
by rows or by columns. Thus, the segments will not in general be 
connected pieces of this linearly described record. Either the extrac- 
tion rule must be a complicated one, or the segments will not corre- 
spond perfectly to single letters. 

There are other problems in extraction besides non-linearity. The 
segments are not usually independent, because the way a letter is 
written will depend on what its neighbors are. Also, there is fre- 
quently an intrinsic ambiguity characteristic of handwriting, which 
is illustrated in deciding where to terminate the second letter of the 
second name: is this an i or r, n or u, or m? 

The kinds of difficulty pointed out here can arise in many recogni- 
tion problems. In trying to avoid these difficulties, the attempt is 
sometimes made to dispense with extraction and work with the rec- 
ord as a whole. However, except in rather trivial cases, at least the 
second type of extraction is still necessary — and because this may 
involve a less specific kind of pattern structure, it may be no easier 
to handle properly. 

Consider, for example, a variation of the signature problem in 
which a file of standard signatures is available for comparison. One 
can conceive of an approach which matches the record as a whole j 
against each standard. In order to do this successfully, the match- 
ing process must relate corresponding parts of the record and the 
standard. But parts of a signature vary in their relationship to each 
other; in comparing signatures by eye, we find it necessary to adjust 
for differences in spacing or size which interfere with any simple 
basis for comparison. Thus, extraction is still required to make the 
parts of the record correspond to those of the standard. 



* As an instance of the puzzles of human perception, the reader should note 
how much more easily the name may be recognized from the record as shown in 
Fig. 2 than from the informationally equivalent form in Fig. 4. 



UNCLASSIFIED 



18 



REF ID : A62856 

w. w. Jacobs UNCLASSIFIED 

In the experimental stage of developing such a procedure, a cor- 
relation technique relying on the presence of “above-the-line” letters 
(b, d, f, h, k, 1, t) and “below-the-line” letters (f, g, j, p, q, y, z) 
might be tried. The extraction might involve location and scale ad- 
justments of the record so as to produce coincidence at both the 
beginning points and ending points of the observed and standard 
signatures. However, writing does not always space its letters uni- 
formly, and we can therefore conclude that the indicated approach 
would have a higher probability of error than could be attained with 
a more sophisticated extraction. Whether the errors could be toler- 
ated in order to keep the procedure simple would depend on the 
specific circumstances of the actual application. 6 

Let us return to the signature problem which we have been using 
as an example, and use it to emphasize an important point about 
subpatterns. These are not predetermined by the structure of the 
patterns, but are selected in the course of developing an efficient 
recognition procedure. In the signature problem names are com- 
posed of letters, and letters of strokes, but this fact does not compel 
us to use letters or strokes as our subpattems. 

A relatively simple way to start the process would be to extract 
as a segment the part of the record that corresponds to the initial 
letter of the first name. However, the underlying subpattem would 
be not the letter itself, but a properly chosen group of letters. One 
such group might be the letters which as capitals have a loop below 
the line: J, Y, Z. 6 

In summary, extraction operates on the record and produces a 
segment, in such a way as to offset a substantial part of the variation 
present among the original set of possible messages. It may do this 
by standardizing, so that the resulting segment still is used to esti- 
mate the entire pattern. Alternatively, the segment may relate to a 
subpattern of the original pattern. 

CLASSIFICATION 

The determination of the estimated subpattem from a segment of 
the record is called classification ; it constitutes the third aspect of the 
recognition procedure. It differs from the problem of estimating the 
entire pattern from the record in only one respect: that no further 
extraction takes place. At this stage a manageable piece of the 

5 A typical “practical” solution might be to weight the errors in favor of re- 
jection, and use human inspection of the rejects. Since the back-up inspection 
is part of the “mechanical” recognition procedure, this solution might turn out 
to be much more expensive to operate (although much cheaper and quicker to 
develop! ) than a more sophisticated machine. 

6 How to continue from this start is discussed below under integration. 



19 



UNCLASSIFIED 



REF ID:A62856 



UNCLASSIFIED pattern recognition 

original problem has been cleaned up. The input may be thought 
of as an observed vector (or a continuous counterpart); the result of 
the classification is an estimate of the subpattern . 7 

In order to determine how a machine is to carry out the classifica- 
tion aspect of a recognition procedure, two interrelated tasks must 
be accomplished. The first task is to decide which subpattem each 
possible segment should be assigned to; and the second is to produce 
a mechanism or calculation which actually accomplishes or suffi- 
ciently approximates the desired assignment. The principal consid- 
eration in handling the first task is the risk associated with erroneous 
assignments; in the second task, the practicality of the assignment 
procedure. 

We referred earlier to the literature on pattern recognition prob- 
lems. The partial attacks we mentioned are largely concerned with 
classification, and within this area primarily with the carrying out of 
a specified assignment function . 8 Relatively few writers give any 
recognition at all to the task of choosing the assignment function. 
In some cases this seems to stem from the view that it is someone 
else’s job to eliminate (in our terminology) all of the noise that exists 
in the channels of communication, for in the absence of noise the 
correct assignment is presumably known. 

The determination of a suitable assignment function is analogous 
to the standard statistical problem of developing a test of hypotheses. 
The segments of the records are analogous to vector samples, and the 
subpatterns correspond to the statistical universes from which the 
samples are drawn. In our example, the subpattems for the initial 
segment are groups of capital letters, such as the group (J, Y, Z); 
and an additional one, the “null” subpattem, corresponding to the 
case where no underlying letter is present, for example, because the 
extraction was incorrectly done. 

The methods of deriving suitable statistics for the classification 
problem belong to decision theory. In order for these methods to be 
applied, however, two assumptions must hold. These assumptions 
are: first, that each subpattem gives rise to a valid probability dis- 



7 It can be questioned whether this oversimplifies the situation; might not 
the proper output be a set of probabilities or other scores assigned to the various 
subpatterns? Such a modification is not necessary, but to explain the justifica- 
tion for this assertion, a long and difficult philosophical and mathematical di- 
gression would be required. In any case, those who prefer may interpret “esti- 
mated subpattern” as a vector of posterior probabilities; nothing essential in 
the remaining discussion is affected. 

8 The Perceptron research, and related investigations, treat the problem of 
learning an assignment function from a sample of assignments. The pre-exist- 
ence of the function, in implicit form at least, is apparently assumed. 



UNCLASSIFIED 



20 




REF ID : A62856 
w. w. JACOBS UNCLASSIFIED 



tribution of the corresponding segments; second, that either the 
knowledge of pattern structure yields complete specifications of these 
distributions or there are available adequate samples to estimate any 
unknown parameters. 

The importance of these assumptions is underlined by the fact 
that many attempts to develop recognition procedures are carried 
out under laboratory conditions, with noise kept to a minimum. The 
result is that no information is obtained about the probability dis- 
tributions that hold under actual conditions, and the procedures that 
apply in the laboratory may be of little use outside. 

It is sometimes claimed that the question of a proper statistic for 
classification is not important: that there exists some transformation 
of the segment which will expose an invariant, easily identified char- 
acteristic of the subpattem. This assumption has generally proved 
too optimistic even in such relatively favorable situations as the 
recognition of characters from a fixed font. In the case of written 
letters, even the human will make some proportion of bad identifi- 
cations without the help of context to correct him. In our hand- 
writing example, it is evident from Fig. 4 that once the letter “n” 
has been isolated, there can be no test which clearly .differentiates it 
from the letter “u”. However, as soon as it is admitted that no 
perfect test can exist, it becomes important to specify one that keeps 
down the probability of error. 

It should not be assumed, because we have said that methods 
exist for the determination of classification statistics when the proper 
assumptions are satisfied, that the task is always a trivial one. Even 
when the number of subpattems is as small as three, the theoretical 
difficulties can be severe and the practical ones are worse, unless the 
subpattems have been well chosen. As the number of subpatterns 
becomes large, the difficulties become overwhelming. This may help 
to account for the almost universal hope in such cases that some 
panacea will, by great good luck, do an adequate job. 

Trying to avoid extraction by working with the record as a whole, 
one has to find a method of classification with large numbers of un- 
derlying patterns. All of our experience supports the conclusion 
that most of the time it is better to break a problem into smaller 
parts than to struggle with the undivided problem. 

With our handwriting example, we shall prudently avoid any dis- 
cussion of possible classification statistics. For the purposes of the 
rest of the discussion, we assume that such a statistic has been ap- 
plied, and has produced an estimated subpattern for the initial 
segment. 



21 



UNCLASSIFIED 




REF ID : A62856 



i 

UNCLASSIFIED pattern recognition 

INTEGRATION 

In the usual recognition problem a series of extraction and classi- 
fication steps will give rise to a sequence of subpattems. Making 
the sequence of subpattems “add up to” an answer to the original 
problem is the job of the integration function in the recognition 
procedure. Integration must therefore control the sequencing of the 
extraction and classification, and handle any feedback that is in- 
volved in the recognition. 

Consider the handwriting example, and suppose that the initial 
segment has been classified as belonging to the subpattern of “tailed” 
capital letters, i. e., is one of J, Y, Z. This produces, out of the list 
of 250 first names, a list of perhaps 20 possibilities for the remainder 
of the first name: ames, ohn, oan, vonne, ves, achary, elda, and so on. 
Clearly the use of such a small and specific list of possibilities can 
bring into consideration a new group of practical possibilities for the 
extraction and classification of the second segment. As a conse- 
quence of this type of feedback, every iteration should be able to re- 
strict itself to a small number of subpattems. 

If the extraction of segments and their classification proceed inde- 
pendently rather than iteratively, and if there is no effort to correct 
errors in these stages either by context or by error detection and 
iteration, then integration is a relatively trivial step. For problems 
of any complexity, where errors in the earlier aspects cannot be al- 
lowed to cause the procedure to fail, integration is a major aspect of 
the procedure. 

If integration is to control iterative processes and use earlier re- 
sults to make decisions about later ones, then error detection and 
correction become possible. For example, the set of letters J-o-h-u 
is readily recognized as “John”. Whether J-o-h-f should be treated 
as a name not on the list depends on probability distributions of that 
outcome under the two subpatterns “John” and “not listed”, as well 
as on the consequences of the two possible way of making an er- 
roneous decision. 

CONCLUSION 

We have described a model of pattern recognition, based on treat- 
ing the problem as related to communication theory. This model 
leads to a structure for recognition procedures in general, and pro- 
vides a basis for evaluating the thoroughness with which a proposed 
procedure attacks the various aspects of the recognition task. 

Although the discussion may have appeard to stress the difficulties 
of such functions as extraction and classification, our purpose has 
been primarily to warn against a tendency to gloss over or wish 



UNCLASSIFIED 



22 



REF ID : A62856 



i 



W. W. JACOBS 



UNCLASSIFIED 



away certain aspects of the job. We feel that these difficulties are 
surmountable, once they are squarely faced. 

In fact, when the problems are formulated concretely enough, even 
such currently unmanageable tasks as identifying handwritten ma- 
terial by machine can begin to look quite feasible. The use of iter- 
ative procedures, which at all points deal with a relatively small set 
of subpatterns, and apply these to narrow the problem successively, 
seems to represent the most hopeful direction for continued explor- 
ation. 

APPENDIX 

It appears useful to restate in mathematical language the model 
that has been presented in the preceding pages. This model involves 

M = the space of messages m. 

S = the space of signals s. 

R = the space of records r. 

Associated with each point of M is a conditional probability meas- 
ure on S: 

Pr[s | m ] 

and with each point of S a conditional probability measure on R: 

Pr[r | s] . 

These induce a conditional probability measure 



Pr[r | m\ = J Pr[r | s]d Pr[s | m] . 



A pattern P is a partition of M: that is, a set P, of non-overlapping 
classes of messages which together exhaust M. 



M = P„ + P x + 



+ Pk, 



Pi P, = 0. 



A decision procedure D for recognition is a corresponding partition 
of R: that is a set D, such that 



R = D 0 + Di + 



+ D k , 



DiDj - 0 . 



In order that the validity of a decision procedure can have any 
meaning, the probability measures 

Pr[r | P t ] 



23 



UNCLASSIFIED 



REF ID : A62856 



i 



UNCLASSIFIED pattern recognition 

must exist. This requires that there be a set of relative probability 
measures over each of the subspaces P,; if these measures are de- 
noted by Mi, then 

Pr[r\Pi] *= f p Pr[r\m\din{m). 

However, the partition P is specified by the recognizer, and there- 
fore the relative measures must exist for any partition P. This can 
happen only if there is a measure m defined on M, with 

Mi (m) = ju(m) -h v(Pi) whenever n(Pi) >o. 

The problem now reduces to the typical estimation problem of de- 
cision theory, with the classes P, corresponding to the states of na- 
ture or hypotheses, the sets D { the actions or estimates, and the 
n(Pi) the prior probabilities. 




UNCLASSIFIED 



24 



REF ID:A62856 




Introduction to Cryptology— IV 

BY WILLIAM F. FRIEDMAN 
Confidential 

Cryptology in the Civil War 

A detailed account of the codes and ciphers of the Civil War in the 
United States of America can hardly be told without beginning with 
a bit of biography about the man who became the first signal officer 
in history and the first Chief Signal Officer of the United States Army, 
Albert J. Myer, the man in whose memory that lovely little U. S. 



Army post adjacent to Arlington Cemetery was named. Myer was 
bom on 20 September 1827, and after an apprenticeship in the then 
■t quite new science of electric telegraphy he entered Hobart College, 

Geneva, New York, from which he was graduated in 1847. From 
early youth he had exhibited a predilection for artistic and scientific 
4 studies, and upon leaving Hobart he entered Buffalo Medical College, 

receiving the M.D. degree four years later. His graduation thesis, 
“A Sign Language for Deaf Mutes,” contained the germ of the idea 
he was to develop several years later, when, in 1854, he was commis- 
sioned a 1st Lieutenant in the Regular Army, made an Assistant 



25 



REF ID : A62856 



CONr i DCHT I AL history of cryptology 

Surgeon, and ordered to New Mexico for duty. He had plenty of 
time at this far-away outpost to think about developing an efficient 
system of military “aerial telegraphy,” which was what visual sig- 
naling was then called. I emphasize the word “system” because, 
strange to say, although instances of the use of lights and other visual 
signals can be found throughout the history of warfare, and their use 
between ships at sea had been practiced by mariners for centuries, 
yet down to the middle of the 19th Century surprisingly little pro- 
gress had been made in developing methods and instruments for the 
systematic exchange of military information and instructions by means 
of signals of any kind. Morse’s practical system of electric tele- 
graphy, developed in the years 1832-35, served to focus attention 
within the military upon systems and methods of inter-communica- 
tion by means of both visual and electrical signals. In the years 
immediately preceding the Civil War, the U. S. Army took steps to 
introduce and to develop a system of visual signaling for general use 
in the field. It was Assistant Surgeon Myer who furnished the 
initiative in this matter. 

In 1856, two years after he was commissioned assistant surgeon, 
Myer drafted a memorandum on a new system of visual signaling 
and obtained a patent on it. Two years later, a board was appointed 
by the War Department to study Myer’s system. It is interesting to 
note that one of the officers who served as an assistant to Myer in 
demonstrating his system before the board was a Lieutenant E. P. 
Alexander, Corps of Engineers. We shall hear more about him 
presently, but at the moment I will say that on the outbreak of war, 
Alexander organized the Confederate Signal Corps. After some suc- 
cessful demonstrations by Myer and his assistants, the War Depart- 
ment fostered a bill in Congress, which gave its approval to his ideas. 
But what is more to the point, Congress appropriated an initial 
amount of $2,000 to enable the Army and the War Department to 
develop the system. The money, as stated in the Act was to be used 
“for manufacture or purchase of apparatus and equipment for field 
signaling.” The act also contained another important provision: it 
authorized the appointment, on the Army staff, of one Signal Officer 
with the rank, pay, and allowances of a major of cavalry. On 2 July 
1860, “Assistant Surgeon Albert J. Myer (was appointed) to be Signal 
Officer, with the rank of Major, 27 June 1860, to fill an original 
vacancy,” and two weeks later Major Myer was ordered to report to 
the Commanding General of the Department of New Mexico for 
signaling duty. The War Department also directed that two officers 
be detailed as his assistants. During a several months’ campaign 
against hostile Navajos, an extensive test of Myer’s new system, 
using both flags and torches, was conducted with much success. In 



COHriDCNT l A t 



26 



REF ID : A62856 

w. F. FRIEDMAN COHriDCHT I AL 

October 1860, a Lieutenant J. E. B. Stuart, later to become famous 
as a Confederate cavalry leader, tendered his services to aid in signal 
instruction. 

Less than a year after Major Myer was appointed as the first and, 
at that time, the only Signal Officer of the U.S. Army, Fort Sumter 
was attacked and, after a 36-hour bombardment, surrendered. The 
bloody four-year war between the North and the South began. The 
date was 14 April 1861. Myer’s system of aerial telegraphy was soon 
to undergo its real baptism under fire, rather than by fire. But with 
the outbreak of war, another new system of military signal communi- 
cation, signaling by the electric telegraph, began to undergo its first 
thorough test in combat operations. This in itself is very important 
in the history of cryptology. But far more significant in that history 
is a fact that I mentioned at the close of the last lecture, viz, that for 
the first time in the conduct of organized warfare, rapid and secret 
military communications on a large scale became practicable, because 
cryptology and electric telegraphy were now to be joined in a lasting 
wedlock. For when the war began, the electric telegraph had been 
in use for less than a quarter of a century. Although the first use of 
electric telegraphy in military operations was in the Crimean War in 
Europe (1854-56), its employment was restricted to communications 
exchanged among headquarters of the Allies, and some observers 
were very doubtful about its utility even for this limited usage. It 
may also be noted that in the annals of that war there is no record of 
the employment of electric telegraphy together with means for pro- 
tecting the messages against their interception and solution by the 
enemy. 

On the Union side in the Civil War, military signal operations 
began with Major Myer’s arrival in Washington on 3 June 1861. 

His basic equipment consisted of kits containing a white flag with a 
red square in the center for use against a dark background; a red flag 
with a white square for use against a light background; and torches 
for night use. It is interesting to note that these are the elements 
which make up the familiar insignia of our Army Signal Corps. The 
most pressing need which faced Major Myer was to get officers and 
men detailed to him wherever signals might be required, and to train 
them in what had come to be called the “wigwag system,” 1 the 
motions of which are depicted in Fig. 1. This training included 
learning something about codes and ciphers, and gaining experience 
in their usages. 

But there was still no such separate entity as a Signal Corps of the 

$ 

1 And, of course, the G. I.’s of those days had a pet name for the users of the 
system. They called them “flag Hoppers.” 



27 



COMr i DCNT I A T 



W. F. FRIEDMAN 



REF ID : A62856 



CO N FIDENT I AL 

Army. Officers and enlisted men were merely detailed for service 
with Major Myer for signaling duty. It was not until two years 
after the war started that the Signal Corps was officially established 
and organized as a separate branch of the Army, by appropriate 
Congressional action. 

In the meantime, another signaling organization was coming into 
being — an organization which was an outgrowth of the government’s 
taking over control of the commercial telegraph companies in the 
United States on 25 February 1862. There were then only three in 
number: the American, the Western Union, and the Southwestern. 
The telegraph lines generally followed the right-of-way of the rail- 
roads. The then Secretary of War, Simon Cameron, sought the aid 
of Thomas A. Scott, of the Pennsylvania Railroad, who brought some 
of his men to Washington for railroad and telegraphic duties with the 
Federal Government. From a nucleus of four young telegraph oper- 
ators grew a rather large military telegraph organization which was 
not given formal status until on 28 October 1861 President Lincoln 
gave Secretary Cameron authority to set up a “U.S. Military Tele- 
graph Department” under a man named Anson Stager, who, as gen- 
eral superintendent of the Western Union, was called to Washington, 
commissioned a captain (later a colonel) in the Quartermaster Corps, 
and made superintendent of the Military Telegraph Department. 
Only about a dozen of the members of the Department became com- 
missioned officers, and they were made officers so that they could 
receive and disburse funds and property; all the rest were civilians. 
The U.S. Military Telegraph “Corps,” as it soon came to be desig- 
nated, without warrant, was technically under Quartermaster General 
Meigs, but for all practical purposes it was under the immediate and 
direct control of the Secretary of War, a situation admittedly accept- 
able to Meigs. There were now two organizations for signaling in the 
Army, and it was hardly to be expected that no difficulties would 
ensue from the duality. In fact, the difficulties began very soon, as 
can be noted in the following extract from a lecture before the 
Washington Civil War Round Table, early in 1954, by Dr. George 
R. Thompson, Chief of the Historical Division of the Office of the 
Chief Signal Officer of the U.S. Army: 

The first need for military signals arose at the important Federal 
fortress in the lower Chesapeake Bay at Fort Monroe. Early in June, 
Myer arrived there, obtained a detail of officers and men and began 
schooling them. Soon his pupils were wig-wagging messages from a 
small boat, directing fire of Union batteries located on an islet in 
Hampton Roads against Confederate fortifications near Norfolk. 

Very soon, too, Myer began encountering trouble with commercial wire 
telegraphers in the area. General Ben Butler, commanding the Fed- 
eral Department in southeast Virginia, ordered that wire telegraph 

29 CONF I DENT I AL 




REF ID : A62856 



f 





COHr i DCNT I AL history of cryptology 

facilities and their civilian workers be placed under the signal officer. 

The civilians, proud and jealous of their skills in electrical magic, 
objected in no uncertain terms and shortly an order arrived from the 
Secretary of War himself who countermanded Butler’s instructions. 

The Army signal officer was to keep hands off the civilian telegraph 
even when it served the Army. 

I have purposely selected this extract from Dr. Thompson’s pre- 
sentation because in it we can clearly hear the first rumblings of that 
lengthy and acrimonious feud between two signaling organizations 
whose uncoordinated operations and rivalry greatly reduced the 
efficiency of all signaling operations of the Federal Army. As already 
indicated, one of these organizations was the U.S. Military Telegraph 
“Corps,” hereinafter abbreviated as the USMTC, a civilian organi- 
zation which operated the existing commercial telegraph systems for 
the War Department, under the direct supervision of the Secretary 
of War, Edwin M. Stanton. The other organization was, of course, 
the infant Signal Corps of the United States Army, which was not 
yet even established as a separate Branch, whereas the USMTC had 
been established in October 1861, as noted above. Indeed, the 
Signal Corps had to wait until March 1863, two years after the out- 
break of war, before being established officially. In this connection it 
should be noted that the Confederate Signal Corps had been estab- 
lished a full year earlier, in April 1862. Until then, as I’ve said 
before, for signaling duty on both sides, there were only officers who 
were individually and specifically detailed for such duty from other 
branches of the respective Armies of the North and the South. 
Trouble between the USMTC and the Signal Corps of the Union 
Army began when the Signal Corps became interested in signaling 
by electric telegraphy and began to acquire facilities therefor. 

As early as in June 1861, Chief Signal Officer Myer had initiated 
action toward acquiring or obtaining electrical telegraph facilities for 
use in the field but with one exception nothing happened. The excep- 
tion was in the case of the episode in the military department in 
southeast Virginia, commanded by General Benjamin Butler, an 
episode that clearly foreshadowed the future road for the Signal Corps 
in regard to electrical signaling: the road was to be closed and barred. 
In August 1861, Colonel Myer tried again and in November of the 
same year he recommended in his annual report that $30,000 be 
appropriated to establish an electric signaling branch in the Signal 
Corps. The proposal failed to meet the approval of the Secretary of 
War. One telegraph train, however, which had been ordered by 
Myer many months before, was delivered in January 1862. The 
train was tried out in an experimental fashion, and under considerable 
difficulties, the most disheartening of which was the active opposition 
of persons in Washington, particularly the Secretary of War. So, for 

■ cowromM : 




30 



REF ID : A62856 



W. F. FRIEDMAN CONFIDENT I AL 

practically the whole of the first two years of the war, signal officers 
on the Northern side had neither electrical telegraph facilities nor 
Morse operators — they had to rely entirely on the wig-wag system. 
However, by the middle of 1863 there were thirty “flying- telegraph” 
trains in use in the Federal Army. Here’s a picture of such a train. 
The normal length of field telegraph lines was five to eight miles, 
though in some cases the instruments had worked at distances as 
great as twenty miles. But even before the Signal Corps began to 




A drawing from Myer’s Manual of Signals illustrating the field, or flying, telegraph, It shows 
the wagon with batteries and instruments. The wire (in this case presumably bare copper, 
since it is being strung on insulators on poles) is being run out from a reel carried by two men! 
The linesmen are using a crowbar to open holes to receive the lance poles. Myer estimated that 
2 Vi miles of such wire line could be put up in an hour. 



Fig. 2. 

acquire these facilities, there had been agitation to have them, as well 
as their Signal Corps operating personnel, all turned over to the 
USMTC, which had grown into a tightly-knit organization of over 
1,000 men and had become very influential in Washington, especially 
by virtue of its support from Secretary of War Stanton. As a con- 
sequence, the USMTC had its way. In the fall of 1863, it took over 
all the electric telegraph facilities and telegraph operators of the 
Signal Corps. Colonel Myer sadly wrote: “With the loss of its 
electric lines the Signal Corps was crippled.” 

So now there were two competing signal organizations on the 
Northern side: The U.S. Army’s Signal Corps, which was composed 

entirely of military personnel with no electric telegraph facilities (but 
was equipped with means for visual signaling), and the USMTC, 
which was not a part of the Army, being staffed almost entirely with 
civilians, and which had electric telegraph facilities and skilled Morse 

31 CONF I DENT I AL 



j 

| 

j 

t 








REF ID:A62856 



CONF I DENTIAL history of cryptology 

operators (but no means or responsibilities for visual signaling or 
“aerial telegraphy” which, of course, was old stuff). “Electric tele- 
graphy” was now the thing. The USMTC had no desire to share 
electric telegraphy with the Signal Corps, a determination in which 
it was most ably assisted by Secretary of War Stanton, for reasons 
that fall outside the scope of the present lecture. 

However, from a technical point of view it is worth going into this 
rivalry just a bit, if only to note that the personnel of both organiza- 
tions, the military and the civilian, were not merely signalmen and 
telegraph operators: they served also as cryptographers and were 
therefore entrusted with the necessary cipher books and cipher keys. 
Because of this, they naturally became privy to the important secrets 
conveyed in cryptographic communications and they therefore 
enjoyed status as VIP’s. This was particularly true of members of 
the USMTC, because they, and only they, were authorized to be 
custodians and users of the cipher books. Not even the commanders 
of the units they served had access to them. For instance, on the 
one and only occasion when General Grant forced his cipher operator, 
a civilian named Beckwith, to turn over the current cipher book to a 
colonel on Grant’s staff, Beckwith was immediately discharged by the 
Secretary of War and Grant was reprimanded. A few days later, 
Grant apologized and Beckwith was restored to his position. But 
Grant never again demanded the cipher book held by his telegraph 
operator. 

The Grant-Beckwith affair alone is sufficient to indicate the lengths 
to which Secretary of War Stanton went to retain control over the 
USMTC, including its cipher operators, and its cipher books. In 
fact, so strong a position did he take that on 10 November 1863, 
following a disagreement over who should operate and control all the 
military telegraph lines, Myer, by then full Colonel, and bearing the 
imposing title “Chief Signal Officer of the United States Army,” a 
title he had enjoyed for only two months, was peremptorily relieved 
from that position and put on the shelf. Not long afterward, and 
for a similar reason, Myer’s successor, Lieutenant Colonel Nicodemus, 
was likewise summarily relieved as Chief Signal Officer by Secretary 
Stanton; indeed, he was not only removed from that position — he was 
“dismissed the Service.” Stanton gave “phoney” reasons for 
dismissing Colonel Nicodemus, but I am glad to say that the latter 
was restored his commission in March 1865, by direction of the 
President; also by direction of the President, Colonel Myer was 
restored to his position as Chief Signal Officer of the U.S. Army on 
25 February 1867. 

When Colonel Myer was relieved from duty as Chief Signal Officer 
in November 1863, he was ordered to Cairo, Illinois, to await orders 

CONriDCNT I A tr 32 



REF ID : A62856 



w. f. friedman COHriDCHT I AL 

for a new assignment. Very soon thereafter he was either designated 
(or he may have himself decided) to prepare a field manual on sig- 
naling and there soon appeared, with a prefatory note dated January 
1864, a pamphlet of 148 pages, a copy of which is now in the Rare 
Book Room of the Library of Congress. The title page reads as 
follows: 

“A Manual of Signals: for the use of signal officers in the field. By 

Col. Albert J. Myer, Signal Officer of the Army, Washington, D. C., 
1864.” 

Even in this first edition, printed on an Army press, Myer devoted 
nine pages to a reprint of an article from Harper’s Weekly entitled 
“Curiosities of Cipher,” and in the second edition, 1866, he expanded 
the section on cryptography to sixty pages. More editions followed 
and I think we may well say that Myer’s Manual, in it several editions, 
was the pioneer American text on military signaling. But I’m sorry 
to say that as regards cryptology it was rather a poor thing. Poe had 
done better twenty years before that in his essay entitled “A few 
words on secret writing.” 

Because of its historic nature, you may like to see what Myer’s 
original “wig-wag code” was like. It was called “a two-element 
code” because it employed only two digits, 1 and 2, in permutations 
of 1, 2, 3 and 4 groups. For example, A was represented by the per- 
mutation 22; B, by 2122; and C, by 121, etc. In flag signaling, a 
“1” was indicated by a motion to the left, and a “2” by a motion to 
the right. Later these motions were reversed, for reasons which 
must have been good but are now not obvious. * Here is Myer’s two- 
element code which continued to be used until 1912: 



GENERAL SERVICE CODE 



A 


- 22 


M 


- 1221 


Y - 111 




B 


- 2122 


N 


- 11 


Z - 2222 




C 


- 121 


0 


- 21 


& - 1111 




D 


- 222 


P 


- 1212 


ing - 2212 




E 


- 12 


Q 


- 1211 


tion - 1112 




F 


- 2221 


R 


- 211 






G 


- 2211 


S 


- 212 


End of word 


- 3 


H 


- 122 


T 


2 


End of sentence 


- 33 


I 


1 


U 


- 112 


End of message 


- 333 


J 


- 1122 


V 


- 1222 


Affirmative 


- 22.22.22.3 


K 


- 2121 


w 


- 1121 


Repeat 


- 121.121.121 


L 


- 221 


X 


- 2122 


Error 


- 212121 



Note: No. 3 (end of word) was made by a forward downward motion, 
called “front”. There were about a dozen more signals, for nu- 
merals, for frequently used short sentences, etc. 



*This reversal can be seen in Fig. 1. 




33 



- COMr i DCHT I At r 



REF ID : A62856 



- COHriDCNTIA t' history of cryptology 

We must turn our attention now to the situation as regards the 
organization for signaling in the Confederate Army. It is of con- 
siderable interest to note that in the first great engagement of the 
War, that of the first Bull Run battle, the Confederate Signal Officer 
was that young Lieutenant, E. P. Alexander, who had assisted in 
demonstrating the wig-wag system before a board appointed by the 
War Department to study Myer’s system. Alexander, now a Captain 
in grey, used Myer’s system during the battle, which ended in disaster 
for the Union forces; and it is said that Alexander’s contribution by 
effective signaling was an important factor in the Confederate victory. 
Dr. Thompson, whom I have quoted before, says of this battle: 

Thus the fortunes of war in this battle saw Myer’s system of signals 
succeed, ironically, on the side hostile to Myer. Because of general 
unpreparedness and also some disinterest and ignorance, the North 
had neither wig-wag signals nor balloon observations. 

The only communication system which succeeded in signal work for 
the Union Army was the infant USMTC. But the Confederate 
system under Alexander, off to a good start at Bull Run, throughout 
the war operated with both visual and electric telegraphy, and the 
Confederates thought highly enough of their signal service to establish 
it on an official basis, on 19 April 1862, less than a year after that 
battle. Thus, although the Confederate Signal Corps never became 
a distinct and independent branch of the Army as did the Union 
Signal Corps, it received much earlier recognition from the Confed- 
erate Government than did the Signal Corps of the Federal Govern- 
ment. Again quoting Dr. Thompson: 

The Confederate Signal Corps was thus established nearly a year 
earlier than its Federal counterpart. It was nearly as large, number- 
ing some 1,500, most of the number, however, serving on detail. The 
Confederate Signal Corps used Myer’s system of Sags and torches. 

The men were trained in wire telegraph, too, and impressed wire facil- 
ities as needed. But there was nothing in Richmond or in the field 
comparable to the extensive and tightly controlled civilian military 
telegraph organization which Secretary Stanton ruled with an iron hand 
from Washington. 

We come now to the codes and ciphers used by both sides in the 
war, and in doing so we must take into consideration the fact that on 
the Union side, there were, as I have indicated, two separate organi- 
zations for signal communications; one for visual signaling, the other 
for electric. We should therefore not be too astonished to find that 
the cryptosystems used by the two competing organizations were 
different. On the other hand, on the Confederate side, as just noted, 
there was only one organization for signal communications, the Signal 
Corps of the Confederate States Army, which used both visual and 
electric telegraphy, the latter facilities being taken over and employed 



34 



W. F. FRIEDMAN 



REF ID : A62856 

CONFIDENT I AL - I 

when and where they were available. There were reasons for this 
marked difference between the way in which the Union and the Con- 
federate signal operations were organized and administered but I do 
not wish to go into them now. One reason, strange to say, had to do 
with the difference between the cryptocommunication arrangements 
in the Union and in the Confederate Armies. 

We will discuss the cryptosystems used by the Federal Signal Corps 
first and then those of the Confederate Signal Corps. Since both jl 
corps used visual signals as their primary mfeans, we find them em- 
ploying Myer’s visual-signaling code shown above. At first both 
sides sent unenciphered messages; but soon after learning that their i j 
signals were being intercepted and were being read by the enemy, 
each side decided to do something to protect its messages. Initially 
both decided on the same artifice, viz, changing the visual-signaling | 
equivalents for the letters of the alphabet, so that, for instance, “22” 
was not always “A,” etc. This sort of changing-about of values soon 
became impractical, since it prevented memorizing the wig-wag equiv- 
alents once and for all. The difficulty in the Union Army’s Signal 
Corps was solved by the introduction into usage of a cipher disk 
invented by Myer himself. A full description of the disk in its 
various embodiments will be found in Myer’s Manual, but here’s a 
picture of three forms of it. You can see how readily the visual wig- j 
wag equivalents for letters, figures, etc., can be changed according to |j 

some pre-arranged indicator for juxtaposing concentric disks. In my !i; i 
Fig. 3 the top left disks (Fig. 1 of Myer’s Plate XXVI) show that the 
letter A is represented by 112, B, by 22, etc. By moving the two ; 

circles to a different juxtaposition a new set of equivalents will be ! j 
established. Of course, if the setting is kept fixed for a whole message ; 

the encipherment is strictly monoalphabetic; but Myer recommends 
changing the setting in the middle of the message or, more specifically, 
at the end of each word, thus producing a sort of polyalphabetic cipher 
which would delay solution a bit. An alternative way, Myer states, 
would be to use what he called a “countersign word,” but which we i 

call a keyword, each letter of which would determine the setting of the 
disk for a single word or for two consecutive words, etc. Myer ap- 
parently did not realize that retaining or showing externally, that is, 
in the cipher text, the lengths of the words of the plain text very 
seriously impairs the security of the cipher message. A bit later we 
shall discuss the security afforded by the Myer disk in actual practice. 

In the Confederate Signal Corps, the system used for encipherment 
of visual signals was apparently the same as that used for enciphering 
telegraphic messages, and we shall soon see what it was. Although 
Myer’s cipher disk was captured a number of times, it was apparently 
disdained by the Confederates, who preferred to use a wholly different 




REF ID : A62856 

W. F. FRIEDMAN CONFIDENT I AL 

type of device, as will be described presently, for both visual and 
electric telegraphy. 

So much for the cryptosystems used in connection with visual 
signals by the Signal Corps of both the North and the South, systems 
which we may designate as “tactical ciphers.” We come now to the 
systems used for what we may call “strategic ciphers,” because the 
latter were usually exchanged between the seat of Government and 
field commanders, or among the latter. In the case of these com- 
munications the cryptosystems employed by each side were quite 
different. 

On the Northern side the USMTC used a system based upon what 
we now call transposition but in contemporary accounts they were 
called “route ciphers” and that name has stuck. The designation 
isn’t too bad, because the processes of encipherment and decipher- 
ment, though dealing not with the individual letters of the message 
but with entire words, involves following the prescribed paths or 
routes in a diagram in which the message is written. I know no 
simpler or more succinct description of the route cipher than that 
given by one of the USMTC operators, J. E. O’Brien, in an article in 
Century Magazine, XXXVIII, September 1889, entitled “Telegraphing 
in Battle”: 

The principle of the cipher consisted in writing a message with an 
equal number of words in each line, then copying the words up and 
down the columns by various routes, throwing in an extra word at the 
end of each column, and substituting other words for important names 
and verbs. 



I: 




A more detailed description in modern technical terms would be as 
follows: A system in which in encipherment the words of the plain- 

text message are inscribed within a matrix of a specified number of 
rows and columns, inscribing the words within the matrix from left to 
right, in successive lines and rows downward as in ordinary writing, 
and taking the words out of the matrix, that is, transcribing them, 
according to a prearranged route to form the cipher message. The 
specific routes to be followed were set forth in numbered booklets, 
each being labeled “War Department Cipher” followed by a number. 
In referring to them hereinafter I shall use the term “cipher books,” 
or sometimes, more simply, the term “ciphers,” although the crypto- 
system involves both cipher and code processes. It is true that the 
basic principle of the system, that of transposition, makes the system 
technically a cipher system as defined in our modem terminology; 
but the use of “arbitraries,” as they were called, that is, words arbi- 
trarily assigned to represent the names of persons, geographic points, 
important nouns and verbs, etc., makes the system technically a code 
system as defined in our modem terminology. 




CONF I DENT I AL 




37 



REF ID : A62856 



CONriDENTIAL history of cryptology 

There were in all about a dozen cipher books used by the USMTC 
throughout the war. For the most part they were employed con- 
secutively, but, it seems that sometimes two different ones were 
employed concurrently. They contained not only the specific routes 
to be used but also indicators for the routes and for the sizes of the 
matrices; and, of course, there were lists of code words, with their 
meanings. These route ciphers were supposed to have been the 
invention of Anson Stager, whom I have mentioned before in connec- 
tion with the establishment of the USMTC, and who is said to have 
first devised such ciphers for General McClellan’s use in West Virginia, 
in the summer of 1861, before McClellan came to Washington to 
assume command of the Army of the Potomac. 

Anson Stager and many others thought that he was the original 
inventor of the system, but such a belief was quite in error because 
word-transposition methods similar to Stager’s were in use hundreds 
of years before his time. For instance, in 1685, in an unsuccessful 
attempt to invade Scotland, in a conspiracy to set the Duke of 
Monmouth on the throne, Archibald Campbell, 9th Earl of Argyll, 
suffered an unfortunate “accident”. He was taken prisoner and 
beheaded by order of James the Second. The communications of the 
poor Earl were not secure, and when they fell into government hands 
they were soon deciphered. The method Argyll used was that of 
word transposition, and if you are interested in reading a contem- 
porary account of how it was solved, look on pages 56-59 of that little 
book I mentioned before as being one of the very first books in English 
dealing with the subject of cryptology, that by James Falconer, 
entitled Cryptomenysis Patefacta : Or the Art of Secret Information 
Disclosed Without a Key, published in London in 1685. There you 
will find the progenitor of the route ciphers employed by the USMTC, 
180 years after Argyll’s abortive rebellion. 

The route ciphers employed by the USMTC are fully described in 
a book entitled The Military Telegraph during the Civil War, by 
Colonel William R. Plum, published in Chicago in 1882. I think 
Plum’s description of them is of considerable interest and I recom- 
mend his book to those of you who may wish to learn more about 
them, but they are pretty much all alike. If I show you one example 
of an actual message and explain its encipherment and decipherment 
I will have covered practically the entire gamut of the route ciphers 
used by the USMTC, so basically very simple and uniform were they. 
And yet, believe it or not, legend has it that the Southern signalmen 
were unable to solve any of the messages transmitted by the USMTC. 
This long-held legend I find hard to believe. In all the descriptions 
I have' encountered in the literature not one of them, save the one 
quoted above from O’Brien, tries to make these ciphers as simple as 



38 



REF ID:A62856 



w. F. FRIEDMAN CONFIDENT I AL 

they really were; somehow, it seems to me, a subconcsious realization 
on the part of Northern writers, usually ex-USMTC operators, of the 
system’s simplicity prevented a presentation which would clearly 
show how utterly devoid it was of the degree of sophistication one 
would be warranted in expecting in the secret communications of a 
great modem army in the decade 1860-1870, three hundred years 
after the birth of modern cryptography in the papal states of Italy. 

Let us take the plain text of a message which Plum (p. 58) used in 
an example of the procedure in encipherment. The cipher book 
involved is No. 4 and I happen to have a copy of it so we can easily 
check Plum’s work. Here’s the message to be enciphered: 

Washington, D. C. 

July 15, 1863 

For Simon Cameron 

I would give much to be relieved of the impression that Meade, 
Couch, Smith and all, since the battle of Gettysburg, have striven only 
to get the enemy over the river without another fight. Please tell me 
if you know who was the one corps commander who was for fighting, in 
the council of war on Sunday night. 

(Signed) A. Lincoln 

Plum shows the word-for-word encipherment in a matrix of seven 
columns and eleven rows. 2 He fails to tell us why a matrix of those 
dimensions was selected; presumably the selection was made at 
random, which was certainly permissible. (See fig. 4.) 

Note the seven “nulls” (non-significant, or “blind” words) at the 
tops and bottoms of certain columns, these being added to the cipher 
text in order to confuse a would-be decipherer. At least that was the 
theory, but how effective this subterfuge was can be surmised, once 
it became known that employing nulls was the usual practice. Note 
also the two nulls (bless and him) at the end of the last line to com- 
plete that line of the matrix. Words in italics are “arbitraries” or 
code words. 

The cipher message is then copied down following the route pre- 
scribed by the indicator “BLONDE,” as given on page 7 of Cipher 
Book No. 4 for a message of 11 lines. The indicator could have also 
been “LINIMENT.” 



2 Ruled paper was provided to aid in accuracy. In the diagram the upper 
of each pair of lines of writing is the cipher, the lower one, the plain text. 
Simon Cameron was Lincoln’s Secretary of War until Jan 1862, when he was 
replaced by Edwin M. Stanton. If this message cited by Plum is authentic, 
and there is no reason to doubt this, then Cameron was still in friendly con- 
tact with Lincoln, possibly as a special observer. 

39 CONFIDENT I AL 




REF ID:A62856 



CONF I DENT I AL history of cryptology 



1 


2 


3 


4 


5 


6 


7 


(heavy) 








(county) 


(square) 




(null) 








(null) 


(null) 




Incubus 


Stewart 


Brown 


Norris 


Knox 


Madison 




Wash., D.C. 


July 


15th 


18 


60 


3 


for 


sigh 


man 


Cammer 


on 


flea 


I 


wood 


Simon 




Cameron 


(period) 


I 


would 


give 


much 


Toby 


trammeled 


serenade 


impression that 


give 


much 


to be 


relieved 


of the 


impression that 


Bunyan 


bear 


ax 


cat 


children 


and 


awl 


Meade 


, (comma) 


Couch 


, (comma) Smith 


and 


all 


bat 


since 


the 


knit 


of 


get 


ties 


, (comma) 


since 


the 


battle 


of 


Gettys 




large 


ass 


have 


striven 


only 


to 


get 


burg 


, (comma) have 


striven 


only 


to 


get 


village 


skeleton 


turnip 


without 


another 


optic 


hound 


the enemy 


over 


the river 


without 


another 


fight 


(period) 


Please 


tell 


me 


if 


you 


no 


who 


Please 


tell 


me 


if 


you 


know 


who 


was 


the 


Harry 


Madrid 


locust 


who 


was 


was 


the 


one 


corps 


commander who 


was 


for 


oppressing 


bitch 


quail 


counsel 


of 


war 


tor 


fighting 


, (comma) 


in the 


council 


of 


war 


on 


Tyler 


Rustle 


upright 


Adrian 


bless 


him 


on 


Sunday 


night 


Signature 


A. Lincoln 


(null) 


(null) 




(monkey) 


(silk) 


(martyr) 






(suicide) 




(null) 


(null) 


(null) 






(null) 



Fig. 4. 



























a 


■ 


■ 




a 


■ 


m 


m 


■ 


m 


■ 


■ 




























■ 


■ 






■ 


a 




■ 


■ 


■ 


■ 



B*draom 


jf 







£ 






± 






r 






& 






7 






Z 






? 






n 




Blonds mm. 


//. 





Fig. S. 

CONFIDENT I AL 40 




W. F. FRIEDMAN 



REF ID : A62856 = 

CO N FIDE N T I AL 

To explain the diagram at the top of Fig. 5 I will show you the 
“Directions for Use” which appear on the reverse side of the title page 
of “War Department Cipher No. 4,” because I’m afraid you wouldn’t 
believe me if I merely told you what they say. In Fig. 6 is a picture 
of the title page and I follow it with Fig. 7, a photograph of what’s on 
its reverse. 



DIRECTIONS FOR USE 



WAR DEPARTMENT CIPHER NO. 4. 

U/M It* 4 u~ ... U)<vr 

<J 1 5- 



To find the route, rend the figure** in the tuhk-iit top of jaigc from left 
to right in the order that they occur alternately in tile upper unil lower 
lincp, the two iutennediatc liner* of figures having no connection with 
the route, being introduced simply as u blind, the upjxT line of figures 
denoting the route the column and tin- lower line <»/». 

KXAMPI.K. 

Ska* |mge 14 ; 7 columns. 

Route — Up tlie 3d; flown the Oth ; up the 1st ; down the 7lh ; up the 
2d ; down the 4th ; up the 5th. 

Commence a cipher with one of the *• line indicators, 1 ' taken from 
same page ns mute used, which word must indicate the numlxT of lines 
in the message. Use two words for more than twenty lines. 




Fig. 6. 



Fig. 7. 



Do you imagine that the chap who was responsible for getting this 
cipher book approved ever thought about what he was doing when he 
caused those “Directions for Use” to be printed? It doesn’t seem 
possible. All he would have had to ask himself was, “Why put this 
piece of information in the book itself?” Cipher books before this 
have been captured. Suppose this one falls into enemy hands; can’t 
he read, too, and at once learn about the intended deception? Why 
go to all the trouble of including “phoney” routes anyway? If the 
book doesn’t fall into enemy hands what good are the “phoney” 
routes anyway? Why not just indicate the routes in a straight- 
forward manner, as had been done before? Thus: “Up the 6th 
column (since “6” is the first number at the left of the diagram), 
down the 3rd, up the 5th, down the 7th, up the 1st, down the 4th and 
down the 2nd.” This matter is so incredibly fatuous that it is hard 
to understand how sensible men — and they were sensible — could be 
so illogical in their thinking processes. But there the “Directions 
for Use” stand, for all the world to see and to judge. 

Now for the transposition step. The indicator “BLONDE” sig- 
nifies a matrix of seven columns and eleven rows, with the route set 

41 CONF I DENT I AL - 





REF ID:A62856 

CONFIDENT I AL history of cryptology 

forth above, viz, up the 6th column, down the 3rd, etc., so that the 
cipher text with a “phoney” address and signature, 3 becomes as 
follows: 

TO A. HARPER CALDWELL, Washington,* D. C. 

Cipher Operator, Army of the Potomac: 

Blonde bless of who no optic to get and impression I Madison square 
Brown cammer Toby ax the have turnip me Harry bitch rustle silk 
Adrian counsel locust you another only of children serenade flea Knox 
County for wood that awl ties get hound who was war him suicide on 
for was please village large bat Bunyan give sigh incubus heavy Norris 
on trammeled cat knit striven without if Madrid quail upright martyr 
Stewart man much bear since ass skeleton tell the oppressing Tyler 
monkey. 

(Signed) D. HOMER BATES 

Note that the text begins with the indicator “BLONDE”. In 
decipherment the steps are simply reversed. The indicator tells 
what size matrix to outline; the words beginning “bless of who no 
optic . . .” are inscribed within the matrix: up the 6th column; then, 
omitting the “check word” or “null” (which in this case is the word 
“square”) down the 3rd column, etc. The final result should corre- 
spond to what is shown in Fig. 4. There then follows the step of 
interpreting orthographic deviations, such as interpreting “sigh”, 
“man,” “cammer,” and “on” as Simon Cameron; the word “wood” 
for “would”, etc. The final step reproduces the original plain text. 

Save for one exception, all the route ciphers used by the USMTC 
conformed to this basic pattern. The things that changed from one 
cipher book to the next were the indicators for the dimensions of the 
matrices and for the routes, and the “arbitraries” or code equivalents 
for the various items comprising the “vocabulary,” the number of 
them increasing from one edition to the next, just as might be ex- 
pected. The sole exception to this basic pattern is to be seen in 
Cipher Book No. 9 and on only one page of the book. I will show 
you that page. (See fig. 8.) 

What we have here is a deviation from the straightforward route 
transposition, “up the . . . column, down the . . . column,” etc. By 
introducing one diagonal path in the route (the 6th, 7th, 8th, 9th, 
10th words in a message of five columns, and the 1st, 2nd, 3rd, 4th, 
5th, and 6th words in a message of six columns) the simple up and 
down route no longer holds true. The words on the diagonal inter- 
rupt the normal up and down paths and introduce complexities in 



3 It was the usual practice to use for address and signature the names of 
the USMTC operators concerned. 




42 



REF ID : A62856 

W. F. FRIEDMAN CONF I DENT I AL 



12 



Message or Division of ... 



6 . 



.. Lines. 



COMMENCEMENT WORBS. 



i .6: 


Stanton I 
. McClellan \ 


6 


Halleck ) 

Ruell l 


J COLUMNS 


McDowell ) 


COLUMNS 


Sibley J 



Chase 

— Up the ... column 



X- 



> the..../....; down the... 



np the 



down the....s5., 

7. 



up the.. 






down the., 



Z, 



V * * 





Fig. 8. 

the method. In fact, the complexities, seemed to be a bit too much 
for the USMTC cipher operators because, as far as available records 
show, these complicated routes were never used. 

I now wish to make a number of general and a few specific comments 
on Plum’s description of the cryptosystems used by the USMTC. 

First, we have learned that although Anson Stager has been credited 
with inventing the type of cipher under consideration in this study, 
he was anticipated in the invention by about 200 years. Also, he is 
given the lion’s share of the credit for devising those ciphers although 
he did have a number of collaborators. Plum names four of them, 
presumably because he thought them worthy of being singled out for 




43 




CONF I DENT I AL history of cryptology 



particular attention. Plum and others tell us that copies of messages 
handled by the USMTC were sometimes intercepted by the enemy 
but not solved. He cites no authority for this last statement, merely 
saying that such intercepts were published in the newspapers of the 
Confederacy with the hope that somebody would come up with their 
solution. And it may be noted that none of the Confederate accounts 
of war activities cite instances of the solution of intercepted USMTC 
messages, although there are plenty of citations of instances of inter- 
ception and solution of enciphered visual transmissions of the Federal 
Army’s Signal Corps. 

Plum states that 12 different cipher books were employed by the 
Telegraph Corps, but I think there were actually only eleven. The 
first one was not numbered, and this is good evidence that a long 
war was not expected. This first cipher book had 16 printed pages. 
But for some reason, now impossible to fathom, the sequence of num- 
bered books thereafter was as follows: Nos. 6 and 7, which were 
much like the first (unnumbered) one; then came Nos. 12, 9, 10 — in 
that strange order; then came Nos. 1 and 2; finally came Nos. 3, 4, 
and 5. (Apparently there was no No. 8, or No. 11 — at least they 
are never mentioned.) It would be ridiculous to think that the irreg- 
ularity in numbering the successive books was for the purpose of 
communication security, but there are other things about the books 
and the cryptosystem that appear equally silly. There may have 
been good reasons for the erratic numbering of the books, but if so, 
what they were is now unknown. Plum states that No. 4, the last 
one used in the war, was placed into effect on 23 March 1865, and 
that it and all other ciphers were discarded on 20 June 1865. How- 
ever, as noted, there was a No. 5, which Plum says was given a lim- 
ited distribution. I have a copy of it, but whether it was actually 
put into use I do not know. Like No. 4, it had 40 pages. About 
20 copies were sent to certain members of the USMTC, scattered 
among 12 states; and, of course, Washington must have had at least 
one copy. 

We may assume with a fair amount of certainty that the first (the 
unnumbered) cipher book used by the USMTC was merely an elab- 
oration of the one Stager produced for the communications of the 
governors of Ohio, Indiana and Illinois, and of which a copy is given 
by only one of the writers who have told us about these ciphers, 
namely, David H. Bates. Bates, in his series of articles entitled 
“Lincoln in the Telegraph Office” {The Century Magazine, Vol. 
LXXIV, Nos. 1-5, May-Sept, 1907) 4 shows a facsimile thereof (p. 



* The series was then put out in book form under the same title by the D. 
Appleton-Century Company, New York, 1907, reprinted in 1939. 



44 



REF ID : A62856 



w. f. friedman COHr i DCHTI AL 

292, June 1907 issue), and I have had as good a reproduction made 
of it as is possible from the rather poor photographic facsimile. The 
foregoing cipher is the prototype upon which all subsequent cipher 
books were based, the first of the War Department series being the 
one shown by Plum. 




FACSIMILE OF THE TELEGRAPHIC CIPHER-CODE USED BY THE UNITED 
STATES GOVERNMENT IN 1861 



Fig. 9. 

When these ciphers came into use it was not the practice to mis- 
spell certain words intentionally; but as the members of the USMTC 
(who, as I’ve told you, not only served as telegraph operators but 
also as cipher clerks) developed expertness, the practice of using non- 
standard orthography was frequently employed to make solution of 
messages more difficult. You have already seen examples of this 
practice, and one can find hundreds of other examples of this sort of 
artifice. Then, further to increase security, more and more code 
equivalents were added to represent such things as ordinal and cardi- 
nal numbers, months of the year, days of the week, hours of the day, 
punctuation, etc. As a last step, additional code equivalents for 
frequently used words and phrases were introduced. One good ex- 
ample of two typical pages from one of these books will characterize 
them all. 





45 



CONriDCHT I A tr 






, 12 

A,.k hzCiT&liftlftl <iMt/k.... a 



■■ rf: l.!AMir.iihr/V> vy/},Uu(!hiU/uM. 

.Zto+ihcwii.. . 



... & 7 }.m M^?OmumX. .. . 

...Smmm f$Mr; &4 M(Um Pu/MAfiU, 

ii . wma tity* 4uV, 

Jll.CtHeijp tyKK&LiS. 



r/1 hnb&^VA. 

*| .tkSha&htfSL n ...»•.. . 

,’ciw.^ „....„ 



Mr- . 



. $f.A.btattfguM 
lA.'ZiT/A'AVAtA. 

... . H.AJmt 



h£Ml 






Bflrto*— ..Comm. . 


. .. -rP^Zt 


Bg.lo* 


Ml _ 


koto/O'/iA 




rlnll 









•'>'»»• ". 


... 

. . KOMSA 








12 

Sb ItOiUMtL 




B Me. ^ItAAAU io 





bMAMt&n . . 

Jittyvyiiitnei 


- 


««• 


hnnuvni 


tu1t " 


M _ 


touhmjrjti . 




B. lud ' . 


.. - Mmumu l . 




IW'I Ul . 


. 




B.H,' 


Twam/vu* 




f 


(AMWMYn 






Cfoa 


T" 





BU4*, 


Q^P. toivtfi/nx , ‘hu.i . 


















BJ11 . 




~~ " 




Bvifu. 


...falibUM-SC lAMAUH.TkMM , 




e.^w 


Sc&ub . uv\ 




B»t» 


btMM.7mL. . Oh*)- 





Bipri 




Fig. 10. 

You will notice that the code equivalents are printed but their 
meanings are written in by hand. This was usually the case, and 
the reason is obvious: for economy in printing costs, because the 

printed code equivalents of plaintext items in cipher books belonging 
to the same series are identical; only their meanings change from one 
book to another, and of course, the transposition routes, their indi- 
cators, and other variables change from one book to another. I am 
fortunate in having six of these cipher books in my private collection, 
so that comparisons among them are readily made. The first feature 
to be noted is that the code equivalents are all good English diction- 
ary words (or proper nouns), of not less than three nor more than 
seven (rarely eight) letters. A careful scrutiny shows that in the 
early editions the code equivalents are such as are not very likely to 
appear as words in the plaintext messages; but in the later editions, 
beginning with No. 12, more than 50% of the words used as code equiva- 
lents are such as might well appear in the plaintext of messages. For 
example, words such as AID, ALL, ARMY, ARTILLERY, JUNC- 
TION, CONFEDERATE, etc., baptismal names of persons, and 
names of cities, rivers, bays, etc., appear as code equivalents. Among 
names used as code equivalents are SHERMAN, LINCOLN, 
THOMAS, STANTON, and those of many other prominent officers 




46 



REF ID:A62856 



w. F. FRIEDMAN CONF I DE N T I AL 

and officials of the Union Army and the Federal Government, as 
well as of the Confederate Army and Government; and, even more 
intriguing, such names were employed as indicators for the number 
of columns and the routes used — the so-called “Commencement 
Words.” It would seem that names and words such as those I’ve 
mentioned might occasionally have brought about instances where 
difficulty in deciphering messages arose from this source of confusion, 
but the literature doesn’t mention them. I think you already realize 
why such commonly-used proper names and words were not excluded. 
There was, indeed, method in this madness. 

But what is indeed astonishing to note is that in the later editions 
of these cipher books, in a great majority of cases the words used as 
“arbitraries,” differ from one another by at least two letters (for 
example, LADY, and LAMB, LARK and LAWN, ALBA and 
ASIA, LOCK and WICK, MILK and MINT), or by more than two 
(for example MYRTLE and MYSTIC, CARBON and CANCER, 
ANDES and ATLAS). One has to search for cases in which two 
words differ by only one letter, but they can be found if you search 
long enough for them, as, for example, QUINCY and QUINCE, 
PINE and PIKE, NOSE and ROSE. Often there are words with 
the same initial trigraph or tetragraph, but then the rest of the 
letters are such that errors in transmission or reception would easily 
manifest themselves, as, for example, in the cases of MONSTER 
and MONARCH, MAGNET and MAGNOLIA. All in ah, it is 
important to note that the compiler or compilers of these cipher books 
had adopted a principle known today as the “two-letter differential,” 
a feature found only in codebooks of a much later date. In brief, 
the principle involves the use, in a given codebook, of code groups 
differing from one another by at least two letters. This principle is 
employed by knowledgeable code compilers to this very day, not 
only because it enables the recipient of a message to detect errors in 
transmission or reception, but also to correct them. This is made 
possible if the permutation tables used in constructing the code 
words are printed in the codebooks, so that most errors can be cor- 
rected without calling for a repetition of the transmission. It is 
clear, therefore, that the compilers of these cipher books took into 
consideration the fact that errors are to be expected in Morse teleg- 
raphy, and by incorporating, but only to a limited extent, the prin- 
ciple of the two-letter differential, they tried to guard against the 
possibility that errors might go undetected. Had artificial 5-letter 
groups been used as code equivalents, instead of dictionary words, 
possibly the cipher books would also have contained the permutation 
tables. But it must be noted that permutation tables made their 
first appearance only about a quarter of a century after the Civil 

47 CO N F I DENT I AL 




REF ID : A62856 

CONFIDENTIAL history of cryptology 

War had ended, and then only in the most advanced types of com- 
mercial codes. 

There is, however, another feature about the words the compilers 
of these books chose as code equivalents. It is a feature that mani- 
fests real perspicacity on their part, and you probably already have 
divined it. A few moments ago I said that I would explain why, in 
the later and improved editions of these books, words which might 
well be words in plaintext messages were not excluded from the lists 
of code equivalents: it involves the fact that the basic nature of the 
cryptosystem in which these code equivalents were to be used was 
clearly recognized by those who compiled the books. Since the 
cryptosystem was based upon word transposition, what could be 
more confusing to a would-be cryptanalyst, working with messages 
in such a system, than to find himself unable to decide whether a 
word in the cipher text of a message he is trying to solve is actually 
in the original plaintext message and has its normal meaning, or is a 
code word with a secret significance — or even a null, a non-signifi- 
cant word, a “blind” or a “check word,” as those elements were called 
in those days? That, no doubt, is why there are, in these books, so 
many code equivalents which might well be “good” words in the 
plaintext messages. And in this connection I have already noted 
an additional interesting feature: at the top of each page devoted 

to indicators for signaling the number of columns or rows in the 
specific matrix for a message are printed the so-called “commence- 
ment words,” or what we now call “indicators”. Now there are 
nine such words, in sets of three, any one of which could actually be 
a real word or name in the plaintext message. Such words when 
used as indicators could be very confusing to enemy cryptanalysts, 
especially after the transposition operation. Here, for example, are 
the “commencement words” on page 5 of cipher book No. 9: Army, 
Anson, Action, Astor, Advance, Artillery, Anderson, Ambush, Agree; 
on page 7 of No. 10: Cairo, Curtin, Cavalry, Congress, Childs, 

Calhoun, Church, Cobb, etc. Moreover, in Nos. 1, 3, 4, 5, and 10 
the “line indicators,” that is, the words indicating the number of 
horizontal rows in the matrix, are also words such as could easily be 
words in the plaintext messages. For example, in No. 1, page 3, 
the line indicators are as follows: 



Address 


1 


Faith 


Assume 


6 


Bend 


Adjust 


2 


Favor 


Awake 


7 


Avail 


Answer 


3 


Confine 


Encamp 


8 


Active 


Appear 


4 


Bed 


Enroll 


9 


Absent 


Appeal 


5 


Beef 


Enough 


10 


Accept 


Note two things 


in the foregoing list: first, there are variants — 





48 



REF ID:A62856 



j 

V 



w. f. friedman CONFIDENTIAL 

there are two indicators for each case; and second, the indicators are 
not in strict alphabetic sequence. This departure from strict alpha- 
beticity is even more obvious in the pages devoted to vocabulary, a 
fact of much importance cryptanalytically. Note this feature, for 
example, in Fig. 10, which shows pages 14 and 15 of cipher book No. 
12 . 

In this respect, therefore, these books partake somewhat of the 
nature of two-part or “randomized” codes, or, in British terminology, 
“hatted” codes. In the second lecture of this series the physical 
difference between one-part and two-part codes was briefly explained, 
but an indication of the technical cryptanalytic difference between 
these two types of codes may be useful at this point. Two-part codes 
are much more difficult to solve than one-part codes, in which both 
the plaintext elements and their code equivalents progress in parallel 
sequences. In the latter type, determination of the meaning of 
one code group quickly and rather easily leads to the determination 
of the meanings of other code groups above or below the one that has 
been solved. For example, in the following short but illustrative 
example, if the meaning of code group 1729 has been determined to 
be “then”, the meaning of the code group 1728 could well be “the” 
and that of 

1728 — the 7621 — the 

1729 — then 0972 — then 

1730 — there 1548 — there 

the code group 1730, “there”. But in a two-part code, determining 
the meaning of the code group 0972 to be “then” gives no clue what- 
ever as to the meaning of the groups 7621 or 1548. For ease in decoding 
messages in such a code there must be a section in which the code 
groups are listed in numerical sequence, and are accompanied by 
their meanings, which, of course, will be in a random sequence. The 
compilers of the USMTC cipher books must have had a very clear 
idea of what I have just explained, but they made a compromise of 
a practical nature between a strictly one-part and a strictly two-part 
code, because they realized that a code of the latter sort is twice as 

bulky as one of the former sort, besides being much more laborious 

to compile and check the contents for accuracy. The arrangement 
they chose wasn’t too bad, so far as cryptosecurity was concerned. 
As a matter of fact, and speaking from personal experience in de- 
coding a rather long message addressed to General Grant, I had a 
difficult time in locating many of the code words in the book, be- 
cause of the departure from strict alphabeticity. I came across that 
message in a workbook in my collection, the workbook of one of the 
important members of the USMTC — none other than our friend 

49 CONFIDENT I AL 




REF ID:A62856 



CONriDCNTIAL history of cryptology 

Plum, from whose book, The Military Telegraph during the Civil War, 
comes much of the data I’ve presented in this lecture. On the fly- 
leaf of Plum’s workbook there appears, presumably in his own hand- 
writing, the legend “W. R. Plum Chf Opr with Gen. G. H. Thomas”. 
Here’s one of the messages he enciphered in cipher book No. 1, the 
book in which, he says, more important telegrams were sent than in 
any other: 





m 




~~r~r 


T— 






■■if i 




|§|S| 


W/iemr* 

an 


''wnmm 


IE 


r.w.*¥« 

mitrm. 

v&mm 


rrrmjm 


u mwsm: 


Mtnmm 

wmwm\ 


?rvrr.-r 
KWW» 1 




jnwgB 




BfjfPPPI 


-ZZZZ 


vmm 


WffUSSn 


ssai 


1 


4-9 \ 


WM 


m 




Iglg 


Egg 


ft§|| 


m 


m 




IHHH 






mmm 


HBHH 










BHHMH 


■■ ■ 




m 




SB 







■■■■■ 


■■■■ 




■■■■ 








3 Jlo . 























■ 


■ ■ 


■ 


■ 












■■ ■ 


■Hi 


!■■■ 


\mmm 


■ 






— ■ 


1 










[= 





Fig. 11. 



Note how many “arbitraries” appear in the plaintext message, that 
is before transposition. After transposition the melange of plaintext, 
code words, indicators and nulls makes the cryptogram mystifying. 5 
And yet, was the system as inscrutable as its users apparently thought? 
It is to be remembered, of course, that messages were then transmit- 
ted by wire telegraphy, not by radio, so that enemy messages could 
be obtained only by “tapping” telegraph lines or capturing couriers 
or headquarters with their files intact. Opportunities for these 
methods of acquiring enemy traffic were not frequent, but they did 
occur from time to time, and in one case a Confederate signalman 
hid in a swamp for several weeks and tapped a Federal telegraph 
line, obtaining a good many messages. What success, if any, did 
Confederate cryptanalysts have in their attempts to solve such 
USMTC cryptograms as they did intercept? We shall try to answer 
this question in due time. 



5 In searching for a good example my eye caught the words “Lincoln shot” 
at the left of the matrix and I immediately thought that the message had to 
do with Booth’s assassination of the President. But after hurriedly translating 
the message and finding nothing in it having anything to do with the shooting 
it occurred to me to look up the indicators for a matrix of six rows and eight 
columns. They turned out to be LINCOLN (message of 8 columns), SHOT 
(6 rows). The word SMALL beneath the “Lincoln shot” is a variant for SHOT, 
also meaning “6 rows”. 



CONriDCNT I AL 50 

L _ 




REF ID : A62856 




W. F. FRIEDMAN 

As indicated earlier, there were no competing signal organizations 
in the Confederacy as there were on the Union side. There was 
nothing at the center of government in Richmond or in the combat 
zone comparable to the extensive and tightly-controlled civilian 
military telegraph organization which Secretary Stanton ruled with 
such an iron hand from Washington. Almost as a concomitant, it 
would seem, there was in the Confederacy, save for two exceptional 
cases, one and only one officially-established cryptosystem to serve 
the need for protecting tactical as well as strategic communications, 
and that was the so-called Vigenere Cipher, which apparently was 
the cipher authorized in an official manual prepared by Captain J. H. 

Alexander as the partial equivalent of Myer’s Manual of Signals. 

You won’t find the name Vigenere in any of the writings of contem- 
porary signal officers of either the North or the South. The signal- 
men of those days called it the “Court Cipher”, this term referring 
to the system in common use for diplomatic or “court” secret com- 
munications about this period in history. It is that cipher which 
employs the so-called Vigenere Square with a repeating key. 6 Here 
is the square which Plum calls the “Confederate States Cipher Key” 
and which is followed by his description of its manner of employ- 
ment. (See figs. 12a andl2b.) 

There are certain comments to be made on the sample messages. 

In the first place, note that in the first message certain words are 
left unenciphered; in the second place, in both the first and second 
messages, the ciphers retain and clearly show the lengths of the words I 1 

which have been enciphered. Both of these faulty practices greatly 
weaken the security of ciphers because they leave good clues to their S 

contents and can easily result in facilitating solution of the messages. j ! 

We know today that cipher messages must leave nothing in the clear. 

Even the address and the signature, the date, time and place of 
origin, etc., should if possible be hidden; and the cipher text should 
be in completely regular groupings, first, so as not to disclose the 
lengths of the plaintext words, and second, to promote accuracy in 
transmission and reception. 

So far as my studies have gone, I have not found a single example 
of a Confederate Vigenere cipher which shows neither of these two 
fatal weaknesses. The second of the two examples is the only case 
I have found in which there are no unenciphered words in the text 
of the message. And the only example I have been able to find in 
1 

6 A keyword is employed to change the alphabets cyclically, thus making 
the cipher what is called today a periodic or multiple-alphabet cipher control- 
led by the individual letters of a key, which may consist of a word, a phrase, or 
even of a sentence, repeated as many times as necessary. | 




51 



REF ID : A62856 



HISTORY OF CRYPTOLOGY 



38 THE MILITARY TELEGRAPH DURING THE 

Confederate States Cipher Key. 

30 25 24 23 22 21 20 19 18 17 16 15 14 18 12 11 10 0 8 7 0 5 4 8 

1 abcde fghijklmnopq rs tuvwx 



2 b c 

3 c d 

4 d e 
He f 

« f g 

7 g b 

8 h i 

9 i j 

10 j k 

11 k 1 

12 1 m 
18 m n 

14 n o 

15 o p 
10 p q 

17 q r 

18 r s 



d e f g 
e f g h 
f g h i 
g h i j 
h i j k 
1 j k 1 
j k 1 m 
k 1 m n 
1 m n o 
m n o p 
n o p q 
o p q r 
P q r s 
q r s t 
r s t u 
s t u v i 



h » j 
i j k 
j k 1 
k I m 
1 m n 
m n o 
nop 
o p q 
p q r 
q r s 
r s t 
s t u 



k 1 m n 
1 m n o 
m n o p 
n o p q 
o p q r 
p q r s 
q r s t 
r s t u 
s t u v 

t U V w 
U Y W X 



O P q 
p q r 
q r s 
r s t 
s t u 
t u v 



20 t u 

21 u v 

22 v w 

23 w x 

24 x y 

25 y z 

26 z a 



t u v w 

u v W X 
T T X y 
W X y Z 
X y z a 
y z a b 
z a b c 
abed 
b c d e 



w x y 
x y z 
y z a 
z a b 
a b c 
bed 
c d e 
d e f 
e f g 
f g h 



v w x y 
W x y z 
x y z a 
y z a b 
z a b c 
abed 
b c d e 
c d e f 
d e f g 
e f g h 
f g h i 
g b i j 
h i j k 
i i k 1 



w x y 
x y z 
y z a 
z a b 
a b e 
bed 
c d e 
d e f 
e f g 
f g h 
g h i 
h i J 

i j k 

j k 1 i 
k 1 m ; 
1 m n 



v w x y 
v x y z 
x y z a 
Y z a b 

5 a b c 

i b c d 

) c d e 

! d e f 

! e f g 

f g li 

g h i 

h i 1 

i j k 

j k 1 

k I m 
1 m n 
m n o 

nop 
o p q 

p q r 

q r 8 

r s t 



r w x y 

' x y z 

: y z a 

z a b 

a b c 

bed 
c d e 

d e f 

e f g 

f g b 

g b i , 

h i j 1 

> j k 

j k 1 e 

k 1 m i 

1 m n < 

m n o j 

n o p <; 

o p q j 

p q r f 

q r s t 

r s t u 

8 t U v 

t U V w 



Key Words. Complete Victory. Manchester Bluff. 

„„ To '"to cipher the tat message, which is put up by using 
“ Manchester Bhtff” «s the key, and the second by the kite™ 

aSir of ft 7C <he ' ef, hand ” de of the 

table tt f f Z 'J”” 1 ci P hered ' “ nd ■* «» a)P »f the 

table, the tat letter of the key term. At the junction of the 

^::z: h Tr iett ‘- rs m 50 f ° u,,d ' *>• #» 

left <W ?! 1M 40 be used ta “of of the real one at the 

taLm andT T "”‘ y " ,i ' h eaCh *“»"'» totter of the 
“ SlZi ' Z' re l’ e,,mir 00 the latter till finished. Thus, 
Sherman ,s vetonous.” put in cipher by using the first key! 

would read, ns shown by the capitals, ^ 



Fig. 12-A. 



REF ID : A62856 



w. f. FRIEDMAN CO N F I DE N T t A tr 



FP He’S & course, any change in the key word, term 
or phrase changes the arbitrarics, and if neither the real 
message nor the key is known, it would be somewhat vexatious 
working it out, unless there were some such suggestive words 
as occur in Davis’s message above, which indicate the ciphered 
words very clearly ; e.g., “ By which you may effect ” 0 fpqgexvk 

“ above that P ar t ” Hw r i ve C r . This meaning occurred to the 
author, at first sight, and doubtless would to any one familiar 
with military allairs in that section. Having guessed real words, it 
is very easy to work out the letters of the key. The following 
two important ciphers were transmitted as divided below ; i. e° 
each word was sent separately, not all mixed, ni in the Pember- 
ton cipher. This division docs not facilitate translation by the 
key at all, but materially assists without it, and was. therefore, 
bad practice. e give below, each message, with its translation, 
because these telegrams were very important. .The curious 
reader may, at his leisure, by using the key board, study out the 
key terms, one of which will be found entirely new and quite 
apropos, in the light of what speedily followed. 

Confederate States of America, Military Telegraph. Dated 
Head-quarters, February 23, 1SG5. Received at Richmond, Va., 
12:25 minutes, a. >r. 

To Hox.J.C. Breokenridge, Sce’y of War:- I recommend 
that the tsysmee fn qoimvp rfatvvmp ubwaqbqtm exfvxj and iswaqjru 
ktmtl are not of immediate necessity, uv kpgfmbpgr mpe timid 
should be Imqhtsp. (Signed) R. E. Lee. 

Translation— I recommend that the removal of public property, 
machinery, stores and archives which are not of immediate necessity, 
be commenced. All powder should be secured. 



Head-quarters C. S. Armies, March 24 , 1865 . 

Gen. E. Kiriiy Smith, comdg. Trans-Miss. Dept., Gen.:— Vvq 
ecilmympm rvcog ui lhoimii.los kfcli kdf wasptf us tfcfsto abxc 
bjx azjkhmgjsiimivboeq qb ndel ueisu lit kfg auhd egh opcm infs 
uvajwh xryincoci yu dddxtinpt in icjqkpxt es vvjau invrr twhtc abxc 
iu eoieg o rdrgx en ucr pv ntiptyxec rqvariyyb rgzq rspz iksjeph ptax 

rsp ekez raecdstrzpt mzmseb aegg nsfqvvf me kfg srnhe ftrf wh 
mvv kkge pyh fefm ckfrlisytyxl xj jtbbx rq htxd wbhz awvv fd aegg 
avxwzvv yciag oe nzy fet Igxa scuh. 

I am most respectfully your obdt. servt., 

(Signed) R. E. Lee. 



Translation— The President deems it advisable that 
you Should be charged with the military operations on both banks 
of the Miss., and that you should endeavor as promptly as possible to 
cross that river with as large a force as may be prudently withdrawn 
from your present Dept. You will accordingly extend your command 
to tl,e east bank of the Miss, and make arrangements to bring to 
thi- side such of your present force as you may deem best. 

I am most respectfully your obedient servant. 



Fig. 12 -B 




53 



REF ID:A62856 



CONriDCHT I A fc history op cryptology 

which word lengths are not shown (save for one word) is in the case 
of the following message: 

Vicksburg, Dec. 26, 1862. 

GEN. J. E. JOHNSTON, JACKSON: 

I prefer oaavvr, it has reference to xhvkjqchffabpzelreqpzwnyk to 
prevent anuzeyxswstpjw at that point, raeelpsghvelvtzfautlilaslt 
lhifnaigtsmmlfgccajd. 

(Signed) J. C. PEMBERTON 
Lt. Gen. Comdg. 

Even in this case there are unenciphered words which afforded a 
clue which enabled our man Plum to find the key and solve the mes- 
sage. It took some time, however, and the story is worth telling. 

According to Plum, the foregoing cipher message was the very first 
one captured by USMTC operators, and it was obtained during the 
siege of Vicksburg, which surrendered on 4 July 1863. But note the 
date of the message: 26 December 1862. What was done with the 

captured message during the months from the end of December 1862 
to July 1863? Apparently nothing. Here is what Plum reports: 

What efforts General Grant caused to be made to unravel this mes- 
sage, we know not. It was not until October, 1864, that it and others 
came into the hands of the telegraph cipherers, at New Orleans, for 
translation .... 

The New Orleans operators who worked out this key (Manchester 
Bluff) were aided by the Pemberton cipher and the original telegram, 
which was found among that general’s papers, after the surrender of 
Vicksburg; also by the following cipher dispatch, and one other. 

Plum gives the messages involved, their solution, and the keys, 
the latter being the three cited above. It would seem that if the 
captured Pemberton message had been brought to General Grant’s j 
attention and he did nothing about it, he was not much interested in 
intelligence. Secondly, the solution of the Pemberton message and 
the others apparently took some time, even though there was one 
message with its plain text (the Pemberton message) and two messages 
not only with interspersed plaintext words but also with spaces 
showing word lengths. But Plum does not indicate how long it took 
for solution. Note that he merely says that the messages came into 
the hands of the telegraph cipherers in October 1864; he does not tell 
when solution was reached. 

In the various accounts of these Confederate ciphers there is one 
and only one writer who makes a detailed comment on the two fatal j 
practices to which I refer. A certain Dr. Charles E. Taylor, a Con- 
federate veteran (in an article entitled “The Signal and Secret Serv- 
ice of the Confederate States”, published in the Confederate Veteran, 

CONr i DC H T I A fc- 54 




rial; 



i i »I»iXrw 



W. F. FRIEDMAN 



Vol. XL, Aug-Sept 1932), after giving an example of encipherment 
according to the “court cipher” says: 

It hardly needs to be said that the division between the words of 
the original message as given above was not retained in the cipher. 
Either the letters were run together continuously or breaks, as if for 
words, were made at random. Until the folly of the method was 
revealed by experience, only a few special words in a message were put 
into cipher, while the rest was sent in plain language. Thus ... I 
think it may be said that it was impossible for well prepared cipher 
to be correctly read by any one who did not know the key-word. Some- 
times, in fact, we could not decipher our own messages when they came 
over telegraph wires. As the operators had no meaning to guide them, 
letters easily became changed and portions, at least, of messages 
rendered unmeaningly (sic) thereby. 

Frankly, I don’t believe Dr. Taylor’s comments are to be taken as 
characterizing the practices that were usually followed. No other 
ex-signalman who has written about the ciphers used by the Con- 
federate Signal Corps makes such observations and I think we must 
simply discount what Dr. Taylor says in this regard. 

It would certainly be an unwarranted exaggeration to say that the 
two weaknesses in the Confederate cryptosystem cost the Confeder- 
acy the victory for which it fought so mightily, but I do feel war- 
ranted at this moment in saying that further research may well show 
that certain battles and campaigns were lost because of insecure 
cryptocommunications. 

A few moments ago I said that, save for an exception or two, 
there was in the Confederacy one and only one cryptosystem to serve 
the need for secure tactical as well as strategic communications. 
One of these exceptions concerned the cipher used by General Beau- 
regard after the battle of Shiloh (8 April 1862). This cipher was 
purely monoalphabetic in nature and was discarded as soon as the 
official cipher system was prescribed in Alexander’s manual. It is 
interesting to note that this was done after the deciphered message 
came to the attention of Confederate authorities in Richmond via a 
northern newspaper. It is also interesting to note that the Federal 
War Department had begun using the route cipher as the official 
system for USMTC messages very promptly after the outbreak of 
war, whereas not until 1862 did the Confederate States War Depart- 
ment prepare an official cryptosystem, and then it adopted the 
“court cipher.” 

The other exception involved a system used at least once before 
the official system was adopted and it was so different from the 
latter that it should be mentioned. On 26 March 1862, the Con- 
federate States President, Jefferson Davis, sent General Johnston by 



55 



REF ID : A62856 




CONFIDENT I AL history of cryptology 



special messenger a dictionary, with the following accompanying 
instruction: 7 



I send you a dictionary of which I have the duplicate, so that you 
may communicate with me by cipher, telegraphic or written, as follows: 
First give the page by its number; second, the column by the letter L, 
M or R, as it may be, in the left-hand, middle, or right-hand columns; 
third, the number of the word in the column, counting from the top. 
Thus, the word junction would be designated by 146, L, 20. 



The foregoing, as you no doubt have already realized, is one of the 
types of cryptosystems used by both sides during the American 
Revolutionary Period almost a century before, except that in this 
case the dictionary had three columns to the page instead of two. 
I haven’t tried to find the dictionary but it shouldn’t take long to 
locate it, since the code equivalent of the word “junction” was given: 
146, L, 20. Moreover, there is extant at least one fairly long mes- 
sage, with its decode. How many other messages in this system there 
may be in National Archives I don’t know. 

Coming back now to the “court cipher,” you will probably find it 
just as hard to believe, as I find it, that according to all accounts 
three and only three keys were used by the Confederates during the 
three and a half years of warfare from 1862 to mid-1865. It is true 
that Southern signalmen make mention of frequent changes in key 
but only the following three are specifically cited: 



1 ) 



COMPLETE VICTORY 

2) MANCHESTER BLUFF 

3) COME RETRIBUTION. 



It seems that all were used concurrently. There may have been a 
fourth key, IN GOD WE TRUST, but I have seen it only once, and 
that is in a book explaining the “court cipher”. Note that each of 
the three keys listed above consists of exactly 15 letters, but why 
this length was chosen is not clear. Had the rule been to make the 
cipher messages contain only 5-letter groups, the explanation would 
be easy: 15 is a multiple of 5 and this would be of practical value in 
checking the cryptographic work. But, as has been clearly stated, 
disguising word lengths was apparently not the practice even if it 
was prescribed, so that there was no advantage in choosing keys 
which contain a multiple of 5 letters. And, by the way, doesn’t the 
key COME RETRIBUTION sound rather ominous to you even 
these days? 

Sooner or later a Confederate signal officer was bound to come up 



7 Battles and Leaders of the Civil War, New York: The Century Co., 1884, 

Vol. I, p. 581. 



CONFIDENTIAL 



56 






REF ID:A62856 



W. F. FRIEDMAN 



CONFIDE N T I AL 



with a device to simplify ciphering operations, and a gadget devised 
by a Captain William N. Barker seemed to meet the need. In 
Myer’s Manual there is a picture of one form of the device, shown 
here in Fig. 13. I don’t think it necessary to explain how it worked, 
for it is almost self-evident. Several of these devices were captured 
during the war, one of them being among the items in the NSA 
Museum (Fig. 14). This device was captured at Mobile in 1865. All 
it did was to mechanize, in a rather inefficient manner, the use of the 
Vigenere Cipher. But here’s a photograph, Fig. 15, of the one found 
in the office of Confederate Secretary of State Judah P. Benjamin 
after the capture of Richmond. In this picture the Vigenere Square 
(wrapped around the revolvable central shaft) is seen very clearly. 






Fig. 15. 



How many of these devices were in existence or use is unknown, 
for their construction was an individual matter — apparently it was 
not an item of regular issue to members of the corps. 

In practically every account of the codes and ciphers of the Civil 
War you will find references to ciphers used by Confederate secret 
service agents engaged in espionage in the North as well as in Canada. 
In particular, much attention is given to a set of letters in cipher, 
which were intercepted by the New York City Postmaster and which 
were involved in a plot to print Confederate currency and bonds. 
Much ado was made about the solution of these ciphers by cipher 
operators of the USMTC in Washington and the consequent break- 
ing up of the plot. But I won’t go into these ciphers for two reasons. 
First, the alphabets were all of the simple monoalphabetic type, a 
total of six altogether being used. Since they were composed of 
a different series of symbols for each alphabet, it was possible to com- 
pose a cipher word by jumping from one series to another without 
any external indication of the shift. However, good eyesight and a 
bit of patience were all that was required for solution in this case 
because of the inept manner in which the system was used: whole 
words, sometimes several successive words, were enciphered by the 
same alphabet. But the second reason for my not going into the 
story is that my friend and colleague of my NS A days Edwin C. 
Fishel, has done some research among the records in our National 
Archives dealing with this case and he has found something which 
is of great interest and which I feel bound to leave for him to tell at 
some future time, as that is his story, not mine. 




REF ID : A 628 



W. F. FRIEDMAN 



VJ kl 




f 



ft v V 1 f 



C». Cl 



t f’ s > c /” i'/ ^'V* 

A * C? f 1 z'. <rV «/ /*< > >*. y 

' / ... // ' 

y^-fc'K - «. * •* ■■ <" « . l f,/ 

c’f f / J s r . 




/AIK 'l I I : If illMKLMXOl \> li.-T I V W X V / 
A IK ‘DKIKII 1 UK LSI X* UK >I!STL \ WXVZA 
BCDK IK ■' 1 1 1-l K 1 A! N ( > IK > ii ST I VVVXW A I! 
CT1K1K ill l.l K LM \< )i •< )1{>T1 * V U X V/A IK- 
I >E F< J I! 1.1 K I . M X ( > ! K » !:.-T l A' VVX V/A IK f ) 
I- 1 •( ; 1 1 1 .1 K LM X O r f - 1 ; T I V \ V X V / A I K l » K 
F< i H 1 1 K LM X O f ’< > Ii S'lTVWXV/AIK I»KF 
(JI!I.IKLMXOl‘f)i!<il VVVXVZA IK T>KIKi 
HUKlilNOl*<iH>TI VU X V/A IK UllKiii 

1 -I K LAI X O l\» | 1 ST IAAVX V/ A IK ' I ) K IK , | ] ; 

.IKLMXOI'QX'ST! V WXVZA IK'MlFGIILI 
KI.MXoikii * s 1 1 V AY ' X V / A I K I ) l,| (Hi J.iK 
LMXOIKJUSTL v VV X V/A IK ISLKIHI.I K L 

MXon,iu>' ; Trv , .vxvzAiK-i*r.i Kiin.ixi.M 
X 0 1 ’< t » 1 1 ST r U \ V / A ! K • I M : I K ; 1 r i . | K I . M X 
Ol’Ltl’STl 'VWX V/A IK T»KIK , II l.l KLMX < » 
I’QHSTl VVVXVZA IK'lHilKilll.lKLMXOP 
(SjMSTl A’ WX V/A IK 'HKI'GII UK LMX< )|’n 
KSTrVAVXV/AlK-|)|.|K;i||.iKl.MXo|K 4 »l; 
S 'IT W X V/A IKI 1 FIX ill UK LM X< ) |*o | ; •: 
TIV VV X VZ A TIC 1 > K IK i 1 1 l.l K L.M X G i K 1 1 ; ST 
r VAV X V/A IK I »K Ft i IH.I K LM XO I X 1 1 isT I 
V VV X V/ A IK - 1 > I : IK i 1 1 1 .1 K LM X O I ’< ,» II >T r \ 
vvxv/AiK'i)i;iK;ni.iKLMXtiiK i )[i>'n v u 
X V/ A IK '1 > R F( J II 1 .1 K LM Xo I \>| IS? ( VWX 
Y/A IK •I»HFOII l.l K LM XKiI’^K.-H V VV X V 
/AIK ’DFI'G 1 1 l.l K C.MXOlKjRS II A VVX VX 



Fig. 16. 

Photographs from which Figs. 15 and 16 were reproduced were kindly sup- 
plied me by my friend William H. Price, of NSA. 



59 



CONr i DCHTlAb - 




REF ID:A62856 



CO N FIDENT I AL history of cryptology 

So very fragmentary was the amount of cryptologic information 
known to the general public in these days that when there was found 
on John Wilkes Booth’s body a cipher square which was almost iden- 
tical with the cipher square which had been mounted on the cipher 
reel found in Confederate Secretary of State Judah P. Benjamin’s 
office in Richmond, the Federal authorities in Washington at- 
tempted to prove that this necessarily meant that the Confederate 
leaders were implicated in the plot to assassinate Lincoln, and had 
been giving Booth instructions in cipher. Fig. 16 is a picture of the 
cipher square found on Booth, and also in a trunk in his hotel room 
in Washington. 

The following is quoted from Philip Van Doren Stern’s book en- 
titled Secret Missions of the Civil War (Rand McNally and Co., New 
York, 1951, p. 320): 

Everyone in the War Department who was familiar with cryptog- 
raphy knew that the Vigenere was the customary Confederate cipher 
and that for a Confederate agent (which Booth is known to have 
been) to possess a copy of a variation of it meant no more than if a 
telegraph operator was captured with a copy of the Morse Code. 
Hundreds — and perhaps thousands of people were using the Vigenere. 

But the Government was desperately seeking evidence against the 
Confederate leaders so they took advantage of the atmosphere of 
mystery which has always surrounded cryptography and used it to 
confuse the public and the press. This shabby trick gained nothing, 
for the leaders of the Confederacy eventually had to be let go for 
lack of evidence. 

To the foregoing I will comment that I doubt very much whether 
“everyone in the War Department who was familiar with crypto- 
graphy knew that the Vigenere was the customary Confederate 
cipher.” Probably not one of them had even heard the name Vig- 
enere or had even seen a copy of the table, except those captured in 
operations. I doubt whether anyone on either side even knew that jj 
the cipher used by the Confederacy had a name; or least of all, that 
a German Army reservist named Kasiski, in a book published in 
1863, showed how the Vigenere cipher could be solved by a straight- jj 
forward mathematical method. 

I have devoted a good deal more attention to the methods and 
means for cryptocommunications in the Civil War than they deserve, 
because professional cryptologists of 1961 can hardly be impressed 
either by their efficacy from the point of view of ease and rapidity 
in the cryptographic processing, or by the degree of the technical 
security they imparted to the messages they were intended to protect. 
Not much can be said for the security of the visual signaling systems 
used in the combat zone by the Federal Signal Corps for tactical 
purposes, because they were practically all based upon simple mono- 



60 



REF ID:A62856 



i 

4 



W. F. FRIEDMAN CONFIDENTIAL 

alphabetic ciphers, or variations thereof, as for instance, when whole 
words were enciphered by the same alphabet. There is plenty of 
evidence that Confederate signalmen were more or less regularly 
reading and solving those signals. What can be said about the 
security of the route ciphers used by the USMTC for strategic or 
high command communications in the zone of the interior? It has 
already been indicated that, according to accounts by ex-USMTC 
men, such ciphers were beyond the cryptanalytic capabilities of Con- 
federate cryptanalysts, but can we really believe that this was true? 
Considering the simplicity of these route ciphers and the undoubted 
intellectual capacities of Confederate officers and soldiers, why 
should messages in these systems have resisted cryptanalytic attack? 
In many cases the general subject matter of a message and perhaps 
a number of specific items of information could be detected by quick 
inspection of the message. Certainly, if it were not for the so-called 
“arbitraries” the general sense of the message could be found by a 
few minutes work, since the basic system must have been known 
through the capture of cipher books, a fact mentioned several times 
in the literature. Capture of but one book (they were all generally 
alike) would have told Confederate signalmen exactly how the system 
worked and this would naturally give away the basic secret of the 
superseding book. So we must see that whatever degree of pro- 
tection these route ciphers afforded, message security depended al- 
most entirely upon the number of “arbitraries” actually used in prac- 
tice. A review of such messages as are available shows wide diver- 
gencies in the use of “arbitraries”. In any event the number actually 
present in these books must have fallen far short of the number 
needed to give the real protection that a well-constructed code can 
give. Thus it seems to me that the application of native intelligence, 
with some patience, should have been sufficient to solve USMTC mes- 
sages — or so it would be quite logical to assume. That such an as- 
sumption is well warranted is readily demonstrable. 

It was, curiously enough, at about this point in preparing this 
lecture that Mr. Edwin C. Fishel, whom I have mentioned before, 
gave me just the right material for such a demonstration. In June of 
1960, Mr. Fishel had given Mr. Phillip Bridges, who is also a member 
of NSA and who knew nothing about the route ciphers of the USMTC, 
the following authentic message sent on 1 July 1863 by General 
George G. Meade, at Harrisburg, Pennsylvania, to General Couch at 
Washington. (See fig. 17.) 

It took Mr. Bridges only a few hours, five or six, to solve the 
cryptogram, and he handed the following plain text to Mr. Fishel: 

CONF I DE N T I AL 




61 



REF ID:A62856 




CONriDCHT l A b history of cryptology 



X' 







XX 

v (%a. 






Ou 






“1 



^ui^ovaOuo ~wr «-wv« ~w- .*.trrr+ut) Cu^A &’<a<p+<u+*Aj 4 

UihJ, -«*% O-jituS "bl-tu. (s°&£t 

froat^-y ^-oum. Ai»vcM^ <a. * a '** 

4jLg*- joeua**. 0^*^^ t^<»-vw 

CL^a-tio^ ^ 0~c*± Ol^ aj- z)t-o^ 

(V dUjU y (M*. A-4 Cjf^r&L^A- 

^ fVv 4 Uj ' J/jwLL y^ iU>X« QlHAsZf+y th/ 

ClUL MxdyL^ (5aJUi (bu^j 0^.<U, 

»•* X* Q>vc6 



Fig. 17. 



Thomas been it (Nulls) 

For Parson. I shall try and get to you by tomorrow morning a re- 
liable gentleman and some scouts who are acquainted with a country 
you wish to know of. Rebels this way have all concentrated in di- 
rection of Gettysburg and Chambersburg. I occupy Carlisle. Signed 
Optic. Great battle very soon, tree much deal — (Nulls) 

The foregoing solution is correct, save for one pardonable error: 
“Thomas” is not a “null” but an indicator for the dimensions of the 
matrix and the route. “Parson” and “Optic” are code names and I 
imagine that Mr. Bridges recognized them as such but, of course, he 
had no way of interpreting them, except perhaps by making a care- 
ful study of the events and commanders involved in the impending 
action, a study he wasn’t called upon to undertake. 

The foregoing message was enciphered by Cipher Book No. 12, in 
which the indicator THOMAS specifies a “Message of 10 lines and 
5 columns”. The route was quite simple and straightforward: 
“Down the 1st (column), up the 3rd; down the 2nd; up the 5th 
down the 4th.” 

It is obvious that in this example the absence of many “arbitraries,” 
made solution a relatively easy matter. What Mr. Bridges would 
have been able to do with the cryptogram had there been many of 
them is problematical. Judging by his worksheets, it seemed to me 

■ CONr i DCHT I A t- 62 




r. 



REF ID:A62856 



i 

i 



l 






W. F. FRIEDMAN CONr i DCNT I A tr 

that Mr. Bridges did not realize when he was solving the message 
that a transposition matrix was involved; and on questioning him on 
this point his answer was in the negative. He realized this only 
later. 

A minor drama in the fortunes of Major General D. C. Buell, one 
of the high commanders of the Federal Army, is quietly and tersely 
outlined in two cipher telegrams. The first one, sent on 29 Sep- 
tember 1862, from Louisville, Kentucky, . was in one of the USMTC 
cipher books, and was externally addressed to Colonel Anson Stager, 
head of the USMTC, but the internal addressee was Major General 
H. W. Halleck, “General-in-Chief” [our present day “Chief of Staff”]. 
The message was externally signed by William H. Drake, Buell’s 
cipher operator, but the name of the actual sender, Buell, was indi- 
cated internally. Here’s the telegram: 

COLONEL ANSON STAGER, Washington: 

Austria await I in over to requiring orders olden rapture blissful for 
your instant command turned and instructions and rough looking fur- 
ther shall further the Camden me of ocean September poker twenty I 
the to I command obedience repair orders quickly pretty Indianapolis 
your him accordingly my fourth received 1862 wounded nine have 
twenty turn have to to to alvord hasty. 

WILLIAM H. DRAKE 

Rather than give you the plain text of this message, perhaps you 
would like to work it out for yourselves, for with the information 
you’ve already received the solution should not be difficult. The 
message contains one error, which was made in its original prepara- 
tion: one word was omitted. 

The second telegram, only one day later, was also from Major 
General Buell, to Major General Halleck, but it was in another 
cipher book — apparently the two books involved were used concur- 
rently. Here it is: 

GEORGE C. MAYNARD, Washington: 

Regulars ordered of my to public out suspending received 1862 
spoiled thirty I dispatch command of continue of best otherwise worst 
Arabia my command discharge duty of my last for Lincoln September 
period your from sense shall duties the until Seward ability to the I a 
removal evening Adam herald tribune. 8 

PHILIP BRUNER 

As before, I will give you the opportunity to solve this message 



8 A curious coincidence — or was it a fortuitous foreshadowing of an event far 
in the future? — can be seen in the sequence of the last two words of the cipher 
text. The message is dated September 30, 1862; the New York Herald and 
the New York Tribune combined to make the New York Herald-Tribune on 
March 19, 1924 — 62 years later! 

CONF I DENT I A L 



63 



REF ID : A62856 



W. F. FRIEDMAN CONF I DENTS 

Greensboro N.C. 

April 11 1865 

Benaja 11 Hd Q near R. G. 

Genl J. E. JohnBton 

A scout (reports?) that Genl Lee 
uiDvvs'WvzFx-mqs-EGAzox- 
HW-PJM-TzAt - near to appomattox Court 
houae yesterday No official Intelligence of the 
event DiF-xyikv-ciT-FBBHYG- 
FASD-JHi-LPOuB-Asto result Gen H. H. 

Walker is ordered YWFT-WSKTMT-BXzS- 
Gq.-XAmE-CHT-iu-AKMSAuPuVF- 

Let me hear from you there- I will have need to 
see you to confer as to future action. The above 
is my telegram of yesterday which iB repeated as 
requested. 

Jeffn Davis 
Official 
Burton Harrison 
Private Secty 

18-B. 

65 CONriDCNT I A tr 



REF ID : A62856 



COHriDCHT I A -fc- HISTORY OF cryptology 

for yourselves. (At the end of the next lecture I shall present the 
plain text of both messages.) 

Figure 18 is a photograph of an important message which you 
may wish to solve yourself. It was sent by President Jefferson 
Davis to General Johnston, on a very significant date, 11 April 
1865. * For ease in working on it I give also a transcription, since 
the photograph is very old and in poor state. I believe that this 
message does not appear in any of the accounts I’ve read. 

It is time now to tell you what I can about the success or lack of 
success which each side had with the cryptograms of the other side. 
I wish there were more information on this interesting subject than 
what I am about to present. Most of what sound information there 
is comes from a book by a man named J. Willard Brown, who served 
four full years in the Federal Army’s Signal Corps. The book is 
entitled The Signal Corps, U.S.A. in the War of the Rebellion, published 
in Boston in 1896 by the U.S. Veteran Signal Corps Association. In 
his book Brown deals with the cryptanalytic success of both sides. 
First, let’s see what the Union signalmen could do with rebel ciphers. 
Here are some statements he makes (p. 214): 

The first deciphering of a rebel signal code of which I find any re- 
cord was that made by Capt. J. S. Hall and Capt. R. A. Taylor, re- 
ported Nov. 25, 1862. Four days later, Maj. Myer wrote to Capt. 
Cushing, Chief Signal Officer, Army of the Potomac, not to permit 
it to become public “that we translate the signal messages of the rebel 
army”. 

April 9, 1863, Capt. Fisher, near Falmouth, reported that one of his 
officers had read a rebel message which proved that the rebels were in 
possession of our code. The next day he was informed that the rebel 
code taken (from) a rebel signal officer was identical with one taken 
previously at Yorktown. 

He received from Maj. Myer the following orders: 

“Send over your lines, from time to time, messages which, if it is in 
the power of the enemy to decipher them, will lead them to believe 
that we cannot get any clew to their signals.” 

“Send also occasionally messages untrue, in reference to imaginary 
military movements, as for instance, — “The Sixth Corps is ordered to 
reinforce Keyes at Yorktown.” 

Undoubtedly, what we have here are references to the general 
cipher system used by the Confederates in their electric-telegraph 
communications, for note the expression “Send over your lines”. 
This could hardly refer to visual communications. Here we also 
have very early instances, in telegraphic communications, of what we 
call cover and deception, i. e., employing certain ruses to try to hide 
the fact that enemy signals could be read, and to try to deceive him 

*1 should warn you that it contains several errors! 



66 



REF ID:A62856 



t 

i 



i 



w. F. Friedman COHriDCHTIAL 

by sending spurious messages for him to read, hoping the fraud will 
not be detected. 

Brown’s account of Union cryptanalytic successes continues (p. 
215): 

In October, 1863, Capt. Merrill’s party deciphered a code, and in 
November of the same year Capt. Thickstun and Capt. Marston de- 
ciphered another in Virginia. 

Lieut. Howgate and Lieut. Flook, in March, 1864, deciphered a code 
in the Western Army, and at the same time Lieut. Benner found one 
at Alexandria, Virginia. 

Capt. Paul Babcock, Jr., then Chief Signal Officer, Department of 
the Cumberland, in a letter dated Chattanooga, Tennessee, April 26, 
1864, transmitting a copy of the rebel signal code, says: 

Capt. Cole and Lieut. Howgate, acting Signal Officers, 
occupy a station of communication and observation on White 
Oak Ridge at Ringgold, Ga. . . . On the 22nd inst. the rebels 
changed their code to the one enclosed, and on the same day 
the above-mentioned officers by untiring zeal and energy suc- 
ceeded in translating the new code, and these officers have 
been ever since reading every message sent over the rebel 
lines. Many of these messages have furnished valuable infor- 
mation to the general commanding the department. 

The following is also from Brown (p. 279): 

About the first of June (1864), Sergt. Colvin was stationed at Fort 
Strong, on Morris Island, with the several codes heretofore used by 
the rebels, for the purpose of reading the enemy’s signals if possible. 

For nearly two weeks nothing could be made out of their signals, but 
by persevering he finally succeeded in learning their codes. Mes- 
sages were read by him from Beach Inlet, Battery Bee, and Fort 
Johnson. Gen. J. G. Foster, who had assumed command of the De- 
partment of the South, May 26th, was so much pleased with Sergt. 
Colvin’s work, that in a letter addressed to Gen. Halleck, he recom- 
mended “that he be rewarded by promotion to Lieutenant in the Sig- 
nal Corps, or by a brevet or medal of honor.” This recommendation 
was subsequently acted upon, but, through congressional and official 
wrangling over appointments in the Corps, he was not commissioned 
until May 13, 1865, his commission dating from Feb. 14, 1865. 

(p. 281): 

During the month, Sergt. Colvin added additional laurels to the fame 
he had earned as a successful interpreter of rebel signals. The enemy 
had adopted a new cipher for the transmission of important messages, 
and the labor of deciphering it devolved upon the sergeant. Con- 
tinued watchfulness at last secured the desired result, and he was 
again able to translate the important dispatches of the enemy for the 
benefit of our commandants. The information thus gained was fre- 
quently of special value in our operations, and the peculiar ability ex- 
hibited by the sergeant led Gen. Foster once more to recommend 
his promotion. 



67 COHriDCNTIAt 



' t 

i'll 









dji] 




■ 'm 




REF ID : A62856 
CONF I DENT I AL history of cryptology 

(p. 286): 

About the same time an expedition under Gen. Potter was organized 
to act in conjunction with the navy in the vicinity of Bull’s Bay. 
Lieut. Fisher was with this command, and by maintaining commu- 
nications between the land and naval forces facilitated greatly the 
conjoined action of the command. Meanwhile every means was em- 
ployed to intercept rebel messages. Sergt. Colvin, assigned to this 
particular duty, read all the messages within sight, and when the 
evacuation of Charleston was determined upon by the enemy, the 
first notification of the fact came in this way before the retreat had 
actually commenced. As a reward for conspicuous services rendered 
in this capacity, Capt. Merrill recommended that the sergeant be al- 
lowed a medal, his zeal, energy and labors fully warranting the honor. 

After the occupation of Charleston, communications was estab- 
lished by signals with Fort Strong, on Morris Island, Fort Johnson and 
James Island, Mount Pleasant, and Steynmeyer’s Mills. A line was 
also opened with the position occupied by the troops on the south 
side of the Ashley river. 

With regard to Confederate reading of Union visual signals. Brown 
makes the following observations of considerable interest (p. 274): 

The absolute necessity of using a cipher when signalling in the 
presence of the enemy was demonstrated during these autumn 
months by the ease with which the rebels read our messages. This 
led to the issuing of an order that all important messages should be 
sent in cipher. Among the multitude of messages intercepted by the 
enemy, the following were some of the more important .... 

Brown thereupon cites 25 such messages but he gives no indication 
whatever as to the source from which he obtained these examples or 
how he knew they had been intercepted. They all appear to be 
tactical messages sent by visual signals. 

In many of the cases cited by Brown it is difficult to tell whether 
wig- wag or electric telegraph messages were involved. But in one 
case, (evacuation of Charleston) it is perfectly clear that visual mes- 
sages were involved, when Brown says that Sgt. Colvin “read all 
the messages within sight.” 

Further with regard to rebel cryptanalytic success with Union mes- 
sages, Brown has this to say (p. 213): 

The reports of Lieut. Frank Markoe, Signal Officer at Charleston, 
show that during the siege thousands of messages were sent from one 
post to another, and from outposts to headquarters, most of which 
could have been sent in no other way, and many were of great im- 
portance to the Confederate authorities. 

Lieut. Markoe says that he read nearly every message we sent. 

He was forewarned of our attack on the 18th of July, 1863. He adds 
regretfully, however, that through carelessness of the staff officers at 
headquarters it leaked out that he was reading our messages. Our 
officers then began to use the cipher disk. In August he intercepted 



68 



REF ID : A62856 

W. F. FRIEDMAN CONFIDENTIAL 

the following message: “Send me a copy of rebel code immediately, if 

you have one in your possession”. He therefore changed his code. 

... A little later our officers used a cipher which Lieut. Markoe says 
he was utterly unable to unravel. 

It is unfortunate that neither Lieutenant Markoe, the Confederate 
cryptanalyst, nor Brown, the Union signalman, tell us what sort of 
cipher this was that couldn’t be unravelled. I assume that it was 
the Myer disk used properly, with a key phrase of some length and 
with successive letters, not whole words, being enciphered by succes- 
sive letters of the key. But this is only an assumption and may be 
entirely erroneous. 

In the foregoing citations of cryptanalytic successes it is significant 
to note that visual messages were intercepted and read by both 
sides; second, that Confederate telegraphic messages protected by 
the Vigenere cipher were read by Union personnel whenever such 
messages were intercepted; and third, that USMTC telegraph mes- 
sages protected by the route cipher, apparently intercepted occasion- 
ally, were never solved. Later I shall make some comments on this 
last statement, but at the moment let us note that technically the 
Vigenere cipher is theoretically much stronger than the route cipher, 
so that we have here an interesting situation, viz, the users of a 
technically inferior cryptosystem were able to read enemy messages 
protected by a technically superior one, but the users of a technically 
superior cryptosystem were not able to read enemy messages pro- 
tected by a technically inferior one — a curious situation indeed. 

I can hardly close this lecture without citing a couple of messages 
which appear in nearly every account I’ve seen of the codes and 
ciphers of the Civil War. These are messages which were sent by 
President Lincoln under circumstances in which, allegedly, the usual 
cipher could not be or, at least was not, employed. The first of the 
two was sent on 25 November 1862 from the White House to Major 
Generail Burnside, Falmouth, Virginia. The circumstances are so 
bizarre that if I merely presented the cipher message to you without 
some background I doubt if you would believe me. And even after 
I’ve presented the background, I’m sure you won’t know what to 
think. I, myself, don’t really know whether to take the incident 
seriously or not. Let me quote from an account of it in the book by 
David Homer Bates, one of the first members of the USMTC, in 
his Lincoln in the Telegraph Office (D. Appleton-Century Co., New 
York, 1939, pp. 58-61): 

“During Burnside’s Fredericksburg campaign at the end of 1862, 
the War Department operators discovered indications of an inter- 
loper on the wire leading to his headquarters at Aquia Creek. These 
indications consisted of an occasional irregular opening and closing 




69 




REF ID:A62856 
CONFIDENT I AL history of cryptology 

of the circuit and once in a while strange signals, evidently not made 
by our own operators. It is proper to note that the characteristics of 
each Morse operator’s sending are just as pronounced and as easily 
recognized as those of ordinary handwriting, so that when a message is 
transmitted over a wire, the identity of the sender may readily be 
known to any other operator within hearing who has ever worked 
with him. A somewhat similar means of personal identification occurs 
every day in the use of the telephone. 

“At the time referred to, therefore, we were certain that our wire 
had been tapped. In some way or other the Confederate operator 
learned that we were aware of his presence, and he then informed 
us that he was from Lee’s army and had been on our wire for several 
days, and that, having learned all that he wanted to know, he was 
then about to cut out and run. We gossiped with him for a while 
and then ceased to hear his signals and believed that he had gone. 

“We had taken measures, however, to discover his whereabouts by 
sending out linemen to patrol the line; but his tracks were well con- 
cealed, and it was only after the intruder had left that we found the 
place where our wire had been tapped. He had made the secret con- 
nection by means of fine silk-covered magnet wire, in such a manner 
as to conceal the joint almost entirely. Meantime, Burnside’s cipher- 
operator was temporarily absent from his post, and we had recourse 
to a crude plan for concealing the text of telegrams to the Army of the 
Potomac, which we had followed on other somewhat similar ocasions 
when we believed the addressee or operator at the distant point (not 
j provided with the cipher-key) was particularly keen and alert. This 

plan consisted primarily of sending the message backward, the indi- 
vidual words being misspelled and otherwise garbled. We had prac- 
tised on one or two despatches to Burnside before the Confederate 
operator was discovered to be on the wire, and were pleased to get his 
prompt answers, couched also in similar outlandish language, which 
was, however, intelligible to us after a short study of the text in each 
case. Burnside and ourselves soon became quite expert in this home- 
made cipher game, as we all strove hard to clothe the despatches in 
strange, uncouth garb. 

“In order to deceive the Confederate operator, however, we sent 
to Burnside a number of cipher messages, easy of translation, and 
which contained all sorts of bogus information for the purpose of mis- 
leading the enemy. Burnside or his operator at once surmised our 
purpose, and the general thereupon sent us in reply a lot of balderdash 
also calculated to deceive the uninitiated. 

“It was about this time that the following specially important des- 
patch from Lincoln was filed for transmission: 

/ Executive Mansion, Washington, 

November 25, 1862. 11:30 AM. 

MAJOR-GENERAL BURNSIDE, Falmouth, Virginia: If I should 

be in boat off Aquia Creek at dark to-morrow (Wednesday) evening, 
could you, without inconvenience, meet me and pass an hour or two 
with me? 

A. Lincoln. 

“Although the Confederate operator had said good-by several days 



70 



REF ID:A62856 



1 



w. f. friedman COHriDCMT I A b 

before, we were not sure he had actually left. We therefore put 
Lincoln’s telegram in our home-made cipher, so that if the foreign 
operator were still on our wire, the message might not be readily made 
out by the enemy. At the same time extra precautions were taken by 
the Washington authorities to guard against any accident to the 
President while on his visit to Burnside. No record is now found 
of the actual text of this cipher-despatch, as finally prepared for trans- 
mission, but going back over it word for word, I believe the following 
is so nearly like it as to be called a true copy: 

Washington, D. C., November 25, 1862 
BURNSIDE, Falmouth, Virginia: Can Inn Ale me withe 2 oar our 

Ann pas Ann me flesh ends N. V. Corn Inn out with U cud Inn heaven 
day nest Wed roe Moore Tom darkey hat Greek Why Hawk of Ab- 
bott Inn B chewed I if. BATES. 

This sort of subterfuge is hardly worthy of becoming embalmed in 
the official records of the war — and apparently it wasn’t. But 
several years later, one of identical nature did become so embalmed, 
for the message appears on page 236, Vol. 45, of “Telegrams received 
by the Secretary of War”: 

Hq. Armies of the U. S., City Point, Va., 

8:30 a. m., April 3, 1865 

TINKER, War Department: A. Lincoln its in fume a in hymn to 

start I army treating there possible if of cut too forward pushing is 
He is so all Richmond aunt confide is Andy evacuated Petersburg 
reports Grant morning this Washington Secretary War. BECK- 
WITH. 

Both Plum and Bates cite the foregoing telegram and their com- 
ments are interesting if not very illuminating. Plum says merely: 
“By reading the above backward with regard to the phonetics rather 
than the orthography, the meaning will be apparent”. Bates says: 

“The probable reason for adopting this crude form was to insure its 
reaching its destination without attracting the special attention of 
watchful operators on the route of the City Point- Washington wire, 
because at that crisis every one was on the Qui vive for news from 
Grant’s advancing army, and if the message had been sent in plain 
language, the important information it conveyed might have been 
overheard in its transmission and perhaps would have reached the 
general public in advance of its receipt by the War Department. 

“It is not necessary to give the translation of this cipher-message. 

To use a homely term, ‘Any one can read it with his eyes shut.’ In 
fact, the easiest way would be for one to shut the eyes and let some 
one else read it backward, not too slowly. The real wording then be- 
comes plain. 

Can you imagine for one moment that a “cryptogram” of such 
simplicity could not be read at sight by any USMTC operator, even 
without having someone read it to him backward? Such a “crypto- 
gram” is hardly worthy of a schoolboy’s initial effort at preparing a 




71 



REF ID : A62856 



CONF I DENT I AL history of cryptology 

secret message. But I assure you that I did not make this story up, 
nor did I compose the cryptogram. j 

Ruminating upon what I have shown and told you about the 
cryptosystems used by both sides in the Civil War, do you get the 
feeling, as I do, that the cryptologic achievements of neither side 
can be said to add lustre to undoubtedly great accomplishments on 
the battlefield? Perhaps this is a good place to make an appraisal 
of the cryptologic efficiency of each side. 

First, it is fair to say that we can hardly be impressed with the 
cryptosystems used by either side. The respective Signal Corps at 
first transmitted by visual signals messages wholely in plain lan- 
guage; such messages were often intercepted and read straight-away. 

Then both sides began enciphering such messages, the Signal Corps 
of the Federal Army using a cipher disk invented by the Chief Signal 
Officer, the Signal Corps of the Confederate Army using the Vigen&re 
cipher. In both cases the use of cryptography for tactical messages 
was quite inept, although it seems that from time to time the Federal 
signalmen had better success with the Vigen&re-enciphered visual 
messages of the Confederate signalmen than the latter had with the 
disk-enciphered messages of the Union signalmen. 

With regard to the cryptosystem used by the Confederate Signal 
Corps, although there may initially have been cases in which mono- 
alphabetic substitution alphabets were used, such alphabets were 
probably drawn up by agreement with the signal officers concerned, 
and changed from time to time. Nowhere have I come across a 
statement that the Myer disk or something similar was used. In 
any event, messages transmitted by visual signals were read from 
time to time by Union signalmen, the record showing a number of 
cases in which the latter “worked out the rebel signal code” — mean- 
ing, of course, that the substitution alphabet involved was solved. 
When did the Confederate Signal Corps begin using the Vigenere 
cipher? The answer seems to be quite clear. In a letter dated 6 
June 1888 from General J. H. Alexander (brother of General E. P.) 
to J. Willard Brown 9 we find the following statements: 

“At the first inauguration of the Signal Service in the Confederacy, 

I, having received in the first place the primary instruction from my 
brother, Gen. E. P. A., then a colonel on Beauregard’s staff near the 
Stone Bridge at Manassas, was assigned the duty of preparing a con- 
fidential circular of instruction for the initiation of officers and men, 
in this branch. I did prepare it, in Richmond, in early spring, 1862, 
and surrendered the copy to Hon. James A. Seddon, the then Secretary 
of War at Richmond. It was issued in form of a small pamphlet. 

I had attached a table for compiling cipher dispatches — which was printed 



9 Op. Cit., p. 206. 



72 



REF ID : A62856 



4 



W. F. FRIEDMAN COHr i DCNT I At 

with the rest of the matter — and the whole was issued confidentially to the 

officers newly appointed for signal duty. (My emphasis) 

I have italicized the last sentence because I think that the “table 
for compiling cipher dispatches” can refer only to the Vigenere square 
table, for that and only that sort of table is even mentioned in ac- 
counts of the ciphers used by the Confederacy. One could, of 
course, wish that the writer had given some further details but there 
are none. However, the statement about the table is sufficiently 
explicit to warrant the belief that it was General J. H. Alexander 
who officially introduced the Vigen&re square into Confederate 
cryptography, although he may have obtained the idea from his 
brother, since he states that he “received in the first place the pri- 
mary instruction from my brother”. 

In the Federal Signal Corps it is quite possible that the polyalpha- 
betic methods Myer cites in his Manual for using his cipher disk 
(changing the setting with successive words of a message) were used 
in some cases, because there are found in the record several instances 
in which the Confederate signalmen, successful with monoalphabetic 
encipherments, were completely baffled. One is warranted in the 
belief that it was not so much the complexities introduced by using 
a keyword to encipher successive words of the plain text as it was the 
lack of training and experience in cryptanalysis which hampered 
Confederate signalmen who tried to solve such messages. In World 
War I a German Army system of somewhat similar nature was reg- 
ularly solved by Allied cryptanalysts, but it must be remembered, in 
the first place, that by 1914 the use of radio made it possible to 
intercept volumes of traffic entirely impossible to obtain before the 
advent of radiotelegraphy; and, in the second place, would-be crypt- 
analysts of both sides in the Civil War had nothing but native wit 
and intelligence to guide them in their work on intercepted messages, 
for there were, so far as the record goes, no training courses in crypt- 
analysis on either side, though there were courses in cryptography 
and signaling. It would seem to cryptanalysts of 1961, a century 
later, that native wit and intelligence nevertheless should have been 
sufficient to solve practically every message intercepted by either 
side, so simple and inefficient in usage do the cryptosystems em- 
ployed by both sides appear today. 

No system employed by the Federals, either for tactical messages 
(Signal Corps transmissions) or strategic messages (USMTC trans- 
missions) would long resist solution today, provided, of course, that 
a modicum of traffic were available for study. Although technically 
far less secure in actual practice than properly enciphered Vigenere 
messages, the route ciphers of the USMTC seem to have eluded the 
efforts of inexpert Confederate cryptanalysts. Ex-USMTC operators 




73 



REF ID : A62856 



CONF I DENT I AL history of cryptology 

make the statement that none of their messages was ever solved and 
that the Confederates published intercepted messages in Southern 
newspapers in the hope that somebody would come forward with a 
solution; yet it must be remembered that those operators were 
Northerners who were very naturally interested in making the achieve- 
ments of the Union operators, both in cryptography and in crypt- 
analysis, appear more spectacular than they really were. And it is 
probable that they wrote without having made a real effort to as- 
certain whether the Confederates did have any success. A “real 
effort” would have been a rather imposing undertaking then — as it 
still is, I fear. Now it must be presumed that if Confederate opera- 
tors had succeeded in solving intercepted traffic of the USMTC they 
would have recorded the facts to their own credit. But in his seven 
volumes on the campaigns of Lee and his lieutenants, Douglas S. 
Freeman does not mention a single instance of interception and 
solution of telegraphic messages of the Union. Perhaps Freeman 
was seeking 100% confirmation, which is too much to expect in a 
field of such great secrecy. This failure of the Confederate crypt- 
analysts is the more astonishing when we know that copies of the 
USMTC cipher books were captured and that, therefore, they must 
have become aware of the nature of the route ciphers used by the 
USMTC, unless there was a lack of appreciation of the value of such 
captures and a failure to forward the books to the proper authorities, 
who could hand them over to their experts. In those books the 
USMTC route ciphers would have been seen in their naive simplicity, 
complicated only by the use of “arbitraries” or code equivalents, but 
hardly to the degree where all messages would be impossible to solve. 
It seems to me that there can be only four possible explanations for 
this failure to solve the USMTC route ciphers. Let us examine them 
in turn. 

First, it is possible that there was not enough intercept traffic to 
permit solution. But this is inadequate as an explanation. The 
route cipher is of such simplicity that “depth” is hardly an absolute 
requirement — a single message can be solved, and its intelligibility 
will be determined to a large degree by the number of “arbitraries” 
it contains. Where there are many, only the dim outlines of what 
is being conveyed by the message may become visible; where there 
are few or even none, the meaning of the messages becomes fairly 
evident. But the abundant records, although they contain many 
references to intercepts, fail to disclose even one instance of solution 
of a USMTC message. Thus we are forced to conclude that it was 
not the lack of intercept traffic which accounts for lack of success by 
the Confederates with USMTC messages, but some other factor. 



74 



REF ID : A62856 



w. f. friedman CONriDCNT trtb 

Second, the lack of training in cryptanalysis of Confederate crypt- 
analysts might have been the reason why Confederate signalmen 
failed to solve the messages. This sounds plausible until we look 
into the matter with a critical spirit. Solution of route ciphers 
requires little training; native wit and intelligence should have been 
sufficient. The degree of intelligence possessed by Confederate 
I officers and men was certainly as high as that of their Union counter- 

4 parts who were up against a technically far superior cryptosystem, 

the Vigenere. We may safely conclude that it was not lack of native 
| wit and intelligence that prevented them from solving messages en- 

| ciphered by the USMTC route ciphers. 

Third, it is possible that Confederate high commanders were not 
interested in communications-intelligence operations or in gathering 
the fruits of such operations. Such an explanation seems on its face 
fatuous and wholely unacceptable. We know of the high estimate 
of value field commanders placed upon the interception and solution 
of tactical messages transmitted by visual signaling; but an apprecia- 
tion of the extraordinary advantages of learning the contents of 
enemy communications on the strategic level may have been lacking. 
My colleague Mr. Fishel thinks that “intelligence consciousness” 
and “intelligence sophistication” were of a very low order in the 
Union Army, and of a markedly lower order in the Confederate Army. 
But to us, in 1961, to disregard the advantages of a possible reading 
of strategic messages seems almost incredible and I am inclined to 
discount this sort of explanation. 

Fourth, it is possible that Confederate cryptanalysts were far more 
successful in their efforts to solve USMTC transmissions than present 
| publicly-available records indicate; that Confederate commanders 

i obtained great advantages from their communications-intelligence 

operations; that they fully recognized the supreme necessity of keep- 
ing this fact and these advantages secret; and that the Confederate 
States Government adopted and enforced strict communications- 
intelligence security regulations, so that the truth concerning these 
matters has not yet emerged. Let it be noted in this connection 
that very little information can be found in the public domain today 
about Allied cryptanalytic successes during World War I; and were 
. it not for the very intensive and extensive investigations in the mat- 

ter of the Japanese attack on Pearl Harbor on 7 December 1941, 
very little, if any, information would be known to the public about 
British and American successes in communications-intelligence 
during World War II. Immediately following the capture of Rich- 
! mond and before Confederate records could be removed to a safe 

place, a great fire broke out and practically all those records were 
! destroyed. It is possible that this is one of the reasons why the 

| 75 CONF I DENTIAL 



REF ID:A62856 



CO N F I DENTIAL history of cryptology 

records of their communications-intelligence successes have never 
come to light. But it is also possible that Confederate cryptanalysts 
kept their secrets to themselves. We know that the records possessed 
or taken by certain Confederate leaders have been gone over 
with great care and attention, but what happened to those retained 
by other Confederate leaders such as the Secretary of War Seddon, 
or his predecessor Judah P. Benjamin, who later became Secretary of 
State, and others? Here is a fascinating speculation and one which 
might well repay careful, painstaking research in the voluminous 
records of our National Archives. I shall leave the delving into 
those records to some of you young and aspiring professional crypt- 
analysts who may be interested in undertaking such a piece of re- 
search. With this thought I bring this lecture to its close. 




i 



< 



< 



REF ID:A62856 

UNCLASSIFIED 



The Association Factor in Information Retrieval 

BY H. EDMUND STILES 
Unclassified 

This paper describes an all-computer document-retrieval system which 
can find documents related to a request even though they may not be in- 
dexed by the exact terms of the request, and can present these documents 
in the order of their relevance to the request. 

All documentalists who are operating large coordinate indexes are 
searching for better ways to exploit this type of information system. 
In our library we have already eliminated the time-consuming job of 
posting document numbers manually by enlisting the aid of a 705 
computer. (The computer periodically prepares revised posting 
cards to replace the outdated ones.) Now we are searching for 
better solutions to our retrieval problems. 

One obvious retrieval problem in any large system is the time re- 
quired to “coordinate” heavily posted terms. We are convinced we 
must mechanize if we are to allow our collection to grow indefinitely. 

A second problem is the retrieval of so many documents related to 
a single request that the customer finds it difficult to decide which 
document to examine first. Since he has no precise means of de- 
termining which document is most closely related to a request, we 
have tried to assist him in using somewhat arbitrary or subjective 
means. The date of the document is sometimes used as a relevance 
criterion, in the hope that the most recent document will be the most 
pertinent, or the name of the author is used, in the hope that the 
work of a known author will answer the request better than that of 
an unknown one. The pitfalls of such criteria are apparent. 

The third, and by far the most serious difficulty in a large system, 
is the problem of choosing terms for search which will turn up all of 
the documents relevant to the request. Our handicap has been that 
we have had to select the precise terms that were originally used to 
index the desired document. Literally hundreds of terms may have 
been used to index documents on the various aspects of a particular 
subject and yet we must grope for just the right set of terms. Just 
as the indexer tried to use language which he hoped would be used 
by future requesters, so the requester must hope to use the same 



This article has been published in the April 1961 issue of The Journal of the 
ACM (Association for Computing Machinery). 





77 



UNCLASSIFIED 



REF ID : A62856 



r 



UNCLASSIFIED information retrieval 

terms that were used by the indexer in processing the required 
documents. 

With our new method we believe we can overcome all three diffi- 
culties. First, every step of the process can be performed by exist- 
ing machines; second, in answer to a given request our machines will 
deliver a list of documents arranged in the approximate order of 
their relevance to the request, and third, we will be able to find these 
documents even though they may not be indexed by the terms of the 
initial request. 

Our general strategy is to generate by machine an expanded list 
of request terms that will serve as a bigger net to catch documents. 
Once caught we will grade them automatically so that the most im- 
portant ones will be on top. Our experiment was conducted on an 
existing collection of over 100,000 documents already indexed by the 
Uniterm Coordinate Index System. [1] 

The first step in our procedure is to develop a list of terms ar- 
ranged according to their degree of association with a given term. 
Frequency alone is not a satisfactory measure of association. For 
example, we counted the number of times various terms had been 
used together with the term “Friction” to index a document and 
found that of the 105 terms used, the most frequent were: 



Theory 7 times 

Film 6 

Crystal 5 

Metal 5 

Thin 5 

Transfer 4 

Clutch 3 

Damping 3 

Electrostatic 3 



Although “Metal” and “Clutch” may be significantly associated 
with “Friction”, obviously the word “Theory” which is at the top of 
the list has no more relationship to “Friction” than to any other 
word about which there might be a theory. We searched for a for- 
mula that would give us a relative frequency — one that would meas- 
ure the distance from the expected frequency of occurrence assum- 
ing no association. After considering several other formulas, in- 
cluding the ones reported by Maron, Kuhns and Ray in their report 
on “Probabilistic Indexing”, [2] we decided to use the following: 

(I fN-AB -fViV 

logl ° ABjN - ~aT{N~^B) = FACT0R > 



UNCLASSIFIED 



78 




REF ID:A62856 

H. E. stiles UNCLASSIFIED 

where A is the number of documents indexed by one term; 

B is the number of documents indexed by a second term; 

/ is the number of documents indexed by the combination of 
both terms; and 

N is the total number of documents in the collection. 

This formula is a form of the chi square formula using the marginal 
values of the 2X2 contingency table and the Yates’ correction [3] for 
small samples. If AB > fN the association is negative. Such oc- 
currences must be recognized during the computation process and the 
resultant association factors marked to indicate negative association. 
By applying this formula to each of the 105 terms paired with “Fric- 
tion” the top of the list became as follows: 



Term 


/ 


A 


B 


Association Factor 


Wear 


2 


4 


25 


3.35 


Thin 


5 


49 


25 


3.21 


Lubrication 


2 


9 


25 


3.00 


Belt 


1 


2 


25 


2.70 



“Theory” dropped down to a much more reasonable position, and 
terms such as “Analysis”, “Problems” and “Study” were at the 
bottom. “Wear” had risen to the top even though it occurred only 
twice in association with “Friction”. Anyone interested in friction 
would probably be interested in the two additional documents in- 
dexed by “Wear” and the seven additional documents indexed by 
“Lubrication”. 

We tried the same experiment for the term “Exposure” with the 
following results: 

“ Exposure ” 



Term 


f 


A 


B 


Association Factor 


Weathering 


3 


3 


29 


3.86 


Plywood 


1 


1 


29 


2.94 


Nylon 


2 


12 


29 


2.80 


Enamel 


1 


2 


29 


2.63 


Microfilm 


3 


52 


29 


2.61 


Preservatives 


1 


3 


29 


2.46 


Lenses 


3 


77 


29 


2.44 


Radiography 


1 


4 


29 


2.33 


Protective 


1 


12 


29 


1.85 



Terms that had association factors of less than one (1.00) were 
discarded. On this basis only a small portion of the terms that had 
been used with “Exposure” (or “Friction”) were considered to be 
associated with it. 



79 



UNCLASSIFIED 




REF ID : A62856 



UNCLASSIFIED information retrieval 

These term profiles, as we have chosen to call these lists of as- 
sociated terms, have four important characteristics. First, they are 
derived from the document collection itself rather than from the 
subjective realm of human experience. Therefore only the terms 
that will be useful in finding documents are included and extraneous 
terms are eliminated. Second, they are generated in a statistical 
manner which can be duplicated by an unthinking computer, an en- 
couraging fact considering the future masses of literature to be 
indexed. Third, they reveal the various facets of meaning that the 
term has in our particular collection. The profile for the term “Ex- 
posure”, for instance, contains terms used when describing “expo- 
sure to the elements,” “exposure of photographic film,” and “expo- 
sure to radiation.” This characteristic makes explicit the variety of 
meanings that were inherent in the parent term — a fact we will come 
to appreciate when we start combining them. And finally, the pro- 
files derived by this method alone contain terms that are only sta- 
tistically related and not semantically related to the request term. 
This distinction has been well explained by Maron, Kuhns and 
Kay. [2] 

“Whereas the semantical relationships are based solely on the mean- 
ings of the terms and hence independent of the “facts” described by 
those words, the statistical relationships between terms are based solely 
on the relative frequency with which they appear and hence are based 
on the nature of the facts described by the documents. Thus, although 
there is nothing about the meaning of the term ‘logic’ which implies 
‘switching theory’, the nature of the facts (viz., that truth-functional 
logic is widely used for the analysis and synthesis of switching circuits) 
‘causes’ a statistical relationship. Another example might concern 
the terms ‘information theory’ and ‘Shannon’ ...” 

Later we will describe how to derive semantic relationships as well 
as purely statistical ones. 

When we have prepared a term profile for each request term we 
are ready to proceed to the second step, which is to compare the 
profiles of each term of a multiterm request and select those terms 
which appear in all or in a given number of profiles. These selected 
terms are called first generation terms. We are aware of the possi- 
bilities in a conventional coordinate indexing system of requesting 
documents that have a logical product, sum, or negation of the re- 
quest terms. The same flexibility exists when using the association 
factor. If the request is for documents on “American Tractor Tires ” 
we would prepare a vocabulary profile for each term and then select 
only those terms which appear in all three profiles. However, if we 
were interested in “American Tractor OR Automobile Tires” we would 
select those terms that appeared in the profiles of “American” and 
“Tires” and either “Tractor” or “Automobile”. These first genera- 



UNCLASSIFIED 



80 



REF ID:A62856 



h. e. stiles UNCLASSIFIED 

tion terms therefore tend to reflect the logic of the request. How- 
ever we cannot exclude from our first generation terms all the terms 
in the profile of a “not” term because of the danger of also eliminating 
some desirable terms. “Not” terms must be used by themselves to 
eliminate documents that have been indexed by them. If a request 
has only a single term, the terms of its profile are the same as its 
first generation terms. 

The end result of this second step described above, is a list of first 
generation terms which have been used with the original request 
terms to index documents much more frequently than would be ex- 
pected of terms having no association. Remember also, that these 
first generation terms are only statistically associated with the request 
terms. Synonyms or near synonyms are not likely to be found in 
this list, because documents are not usually indexed by synonymous 
terms. Yet synonyms, near synonyms, generics, specifics, and other 
closely related words would be desirable additions to an expanded 
list of request terms. Our method of generating these constitutes 
our third step. It projects us beyond the purely statistical relation- 
ships and into the realm of meaningful associations. This step is to 
treat the first generation terms as request terms and repeat steps 1 
and 2. Since there may be quite a number of first generation terms, 
we need not require that a term appear in all of their profiles, but 
only in approximately one fifth or in some other specified number of 
profiles. The resultant new terms are called second generation terms. 
Among these we find words closely related in meaning to the request 
terms. 

For example, if we were asked for all documents on United States 
wheat exports, the profile of the term “United States” would probably 
not contain the terms “Uncle Sam” or “USA” even if they were 
permissible in our term dictionary, since any given document would 
not be indexed by more than one of the three terms. Since they are 
missing from the “United States” profile, they would not be included 
among the first generation terms. However, when the first genera- 
tion terms such as “Kansas”, “Bushels”, “Dollars”, “Grain”, “Cor- 
dell Hull”, “Tariff”, etc., are treated as request terms, each may 
well have “Uncle Sam” and “USA”, as well as “United States” 
among its profiles. Assuming that they will appear in a sufficient 
number of the profiles, they will qualify as second generation terms. 

In our coordinate index we have tried to eliminate all synonyms 
by cross-referencing them to a single term in our term dictionary. 
However, when we requested documents on the “Weatherproofing of 
Fabrics” we derived “Fungus”, “Plastic”, “Exposure”, and “Coat- 
ing” among the first generation terms, and “Weathering”, “Fungi- 




81 



UNCLASSIFIED 



REF ID : A62856 



UNCLASSIFIED information retrieval 



cidal”, and “Preservatives” among the second generation terms. In 
future applications of this system we can expect the second genera- 
tion terms to include not only synonyms, but also various gramma- 
tical forms and even variations in spelling of the request terms. 

We now have an expanded list of request terms. It includes the 
original request terms, the first generation terms and the second gen- 
eration terms. It is reasonable to assume that these terms do not 
all have the same degree of association with the original request and 
that it would be helpful to determine the degree of association for 
each before proceeding further. 

The fourth step is the preparation of a table of the expanded list, 
in which we would record the association factors of each term to all 
others. We record only those above the established threshold of 1. 
The sum of the association factors for each term, divided by the total 
number of terms in the expanded fist, gives us a weight which will 
enable us to arrange the terms according to their probable relevance 
to the request. The expanded list of terms related to the “Weather- 
proofing of Fabrics” with term weights is as follows: 



Fabrics 2.67 

Plastics 2.58 

Coating 2.38 

Fungus 2.28 

Weatherproofing 2.04 

Tests 1.90 

Exposure 1.87 

Compounds 1.76 

Laminates 1.73 

Resins 1.56 

Weathering 1.52 

Materials 1.43 

Glass 1.42 

Cotton 1.36 

Chemical 1.34 

Fungicidal 1.32 

Compressor 1.27 



Deterioration 1.26 

Resistance 1.25 

Protection 1.25 

Agar 1.23 

Metals 1.21 

Plate 1.17 

Biphenyl 1.14 

Dinitrofluorotoluene 1.14 

Dinitrobenzene 1.14 

Vinyl 1.14 

Preservatives 1.09 

Elastomers 1.08 

Molded 1.06 

Aluminum 1.04 

Aging 1.03 

Temperature 1.02 

Fluorine 1.00 



No one word in this list could be substituted for the request, be- 
cause each has its own variety of meanings and uses, yet it would 
be hard to use a group of them without touching on the subject of 
the request. We now have a powerful tool with which to search for 
documents, for we are not dependent upon the requester and the in- 
dexer using the same language. Rather, we have fashioned a request 
language from the consensus of all previous indexing. 

We are now ready for step 5. We compare the expanded list of 



UNCLASSIFIED 



82 



REF ID : A62856 



h. E. stiles UNCLASSIFIED 

request terms with the index terms of each document in the collection. 
Whenever the terms match, the weight of the request term is as- 
signed to the corresponding document index term. The sum of these 
weights for each document is called the document relevance number. 
This number should indicate the degree of fit between the request 
and the contents of the document. 

From a request for all documents on the subject of “Thin Films” 
we found the list of document numbers indicated in column 1 of 
Table 1. These document numbers are arranged according to their 
document relevance numbers which appear in column 2. We then 
asked a qualified engineer to examine these documents and specify 
which were related to “Thin Films” and which were not. He de- 
veloped his own rating scale which was as follows: 

Yes — Contains information on “Thin Film”. 

M — May be useful background information. 

P — Possibly contains useful background information. 

No — Does not contain information on “Thin Film”. 

This engineer was not familiar with our project nor did he have ac- 
cess to any of our results, yet column 3 indicates a remarkably high 
correlation between his evaluation and the document relevance num- 
bers. We then checked back to see how the documents containing 
information on “Thin Film” had been indexed (see col. 4). We 
found that the first five documents on our list had been indexed by 
both “Thin” and “Film”. Three more documents had been indexed 
by “Film” alone, and other related terms. Two documents had not 
been indexed by either “Thin” or “Film”, but only by a group of 
related terms, yet they contained information on “Thin Films” and 
had a high document relevance number. By using association fac- 
tors, and a series of statistical steps, easily programmed for a com- 
puter, we were thus able to locate documents relevant to a request 
even though the document had not been indexed by the terms used in the 
request. 

The basic 5 steps in our new retrieval method can be summarized 
as follows: 

(1) Prepare a profile for each request term. This profile consists 
of terms that have been used with the request term and have an 
Association Factor greater than 1. 

(2) Compare the profiles of each request term and select those 
terms which appear in all or in a given number of profiles. These 
terms are called first generation terms. 

(3) Treat the first generation terms as request terms and repeat 
steps 1 and 2. The resultant terms which are not already request 



83 



UNCLASSIFIED 



REF ID : A62856 



r 



UNCLASSIFIED information retrieval 



terms or first generation terms are called second generation terms. 

(4) Make a table of association factors for the expanded list of 
request terms. The sum of the Association Factors for each term is 
called its weight. This weight indicates the degree of association be- 
tween that term and the complete request. 

(5) Compare the list of expanded request terms with the index 
terms of each document in the collection and add the weights of the 
terms that match. The sum of the weights is called the document 
relevance number. This number is used to present the documents to 
the requester in the order of their probable relevance to the request. 

Thus far, our experiments have been conducted on an existing 
collection of documents already indexed by a manual Uniterm Co- 
ordinate Index System. However, we believe that the really signif- 
icant fact about our discoveries is their potential use in an all-machine 
document storage and retrieval system. Such a system could start 
with automatic encoding of natural language, as described by Luhn 
of IBM, [4] [5] and end with the presentation of abstracts of the de- 
sired documents. The results of “auto-encoding”, which is a dis- 
tinctive vocabulary representing the document, might be a more re- 
liable basis for the statistical manipulation of our system than the 
whim of an indexer. For instance, when we searched for documents 
on the weatherproofing of fabrics, we missed one because it had been 
indexed by the terms “Comprehensive”, “Study”, “Weatherproof- 
ing” and no others. Only a search through the one hundred and 
seven documents on weatherproofing would have turned up this 
document. However, if the document had been “auto-encoded”, 
the necessary number of distinctive terms would have been ensured. 

The association factor would be useful in selecting incoming doc- 
uments for dissemination to company engineers. It would form the 
bridge between the language of the engineers requirements and the 
language used in the document. Each requirement would be sur- 
rounded with a profile of terms based on those supplied by the engi- 
neer and supplemented by those automatically generated from the 
document collection. The index terms assigned to incoming docu- 
ments would then be compared with these profiles to determine the 
degree to which they fulfilled the requirements. 

Moreover, we should not only be able to provide an engineer with 
incoming material related to his requirements, of which there is 
bound to be too much, but also tell him which of those items contain 
some new information in his field (i. e., new to the document collec- 
tion). This feat can be accomplished by comparing the profiles of 
the request terms derived from the established document collection 
with the profiles of the request terms derived from a group of in- 



UNCLASSIFIED 



84 



REF ID : A62856 



H. E. stiles UNCLASSIFIED 

coming documents. Terms appearing in high association with the 
request terms in the new profiles which were not associated in the 
established profiles are indicators of new and distinctive material. 
By treating these new words plus the original request terms as a new 
set of request terms, the documents containing the new and distinc- 
tive information can be found. 

Further applications of the association factor are suggesting them- 
selves daily. It is hoped that this presentation will stimulate further 
discussion and experimentation. 



DOCUMENTS RELATED TO “THIN FILM” 
ARRANGED BY DOCUMENT RELEVANCE NUMBERS 



1 


2 


3 


4 


Document 

Number 


Document 

Relevance 

Numbers 


Degree of 
Association 


Use of Thin 
and/or Film as 
Index Terms 


S-66,794 


24.32 


Yes 


Thin Film 


S-51,212 


24.22 


Yes 


Thin Film 


S-51,050 


24.22 


Yes 


Thin Film 


S-33,067 


24.22 


Yes 


Thin Film 


S-33,068 


22.47 


Yes 


Thin Film 


S-95,555 


19.87 


Yes 


Film 


S-34,019 


15.59 


Yes 


Film 


S-18,958 


15.30 


P 




S-73,671 


14.83 


Yes 




S-38,473 


12.54 


No 




S-37,438 


11.81 


M 




S-35,837 


11.20 


M 




S-39,631 


10.72 


M 




S-35,838 


10.14 


P 




S-65,855 


10.08 


M 




S-80,485 


10.05 


Yes 


Film 


S-76,529 


9.83 


Yes 




S-44,571 


9.66 


M 




S-56,755 


9.50 


M 




S-42,772 


9.38 


M 




S-63,862 


9.38 


No 




S-33,834 


9.30 


P 




S-33,835 


9.30 


P 




S-33,832 


9.30 


P 




S-35,839 


9.30 


P 




S-80,309 


9.18 


P 




S-59,129 


9.12 


P 






85 



UNCLASSIFIED 




Si 



REF ID : A62856 



UNCLASSIFIED information retrieval 



1 


2 


3 


4 


Document 

Number 


Document 

Relevance 

Numbers 


Degree of 
Association 


Use of Thin 
and/or Film as 
Index Terms 


S-70,145 


8.66 


M 




S-59,442 


8.03 


P 




S-60,834 


7.95 


M 




S-49,629 


7.85 


No 




S-71,275 


7.27 


No 




S-51,499 


7.16 


P 




S-33,831 


7.13 


M 




S-31,735 


7.13 


M 




S-66,513 


6.93 


P 




S-3 1,620 


6.94 


No 




S-31,620 


6.94 


No 




S-80,360 


6.94 


No 




S-61,700 


6.91 


No 




S-44,921 


6.40 


P 




S-59,130 


6.40 


P 




S-53,424 


6.36 


No 




S-78,885 


6.03 


M 




S-55,371 


6.01 


No 




S-38,474 


5.82 


P 




S-80,974 


5.33 


No 




S-48,093 


5.23 


No 




S-80,293 


5.23 


No 




S-55,644 


4.65 


No 




S-58,247 


4.41 


P 




S-60,114 


4.41 


P 




S-45,420 


4.41 


P 




S-28,975 


4.26 


No 




S-37,031 


2.70 


No 




S-71,296 


2.70 


No 





REFERENCES 

[1] Sanford, Albert and Theriault, Frederic R. “Problems in the Application of 

Uniterm Coordinate Indexing” College and Research Libraries. Vol. 17 
No. 1, January 1956. pp. 19-23. 

[2] Maron, M. E., Kuhns, J. L. and Ray, L. C. “Probabilistic Indexing” Ramo- 

Wooldridge, Data Systems Project Office, Technical Memorandum No. 3. 
June 1959. 



.tLJ 



UNCLASSIFIED 



86 






REF ID : A62856 
H. E. stiles UNCLASSIFIED 

[3] Yates, F., “Contingency Tables Involving Small Numbers and the Chi 

Square Test,” Supplement to the Journal of the Royal Statistical Society, 1 
(1934), pp. 217-235. 

[4] L uhn, H. P. Potentialities of Auto-Encoding of Scientific Literature, Interna- 

tional Business Machines Corporation, Research Center, Research Report 
RC-101, May 15, 1959. 

[5] L uhn, H. P. “Auto-Encoding of Documents for Information Retrieval 

Systems” (In Boaz, Martha, ed. Modern Trends in Documentation. New 
York, Pergamon Press, 1959.) 







87 



UNCLASSIFIED 



, REF ID:A62856 



CONFIDENT I AL 



TELEPHONE DIRECTORY OF CONTRIBUTORS TO THIS ISSUE 
Author Office Extension 

H. H. Campaigne REMP 7249 

W. F. Friedman* 

W. W. Jacobs REMP 7249 

P. E. Neff CSEC 60501 

H. E. Stiles CREF 7267 

* Special Consultant 



COHriDCNT I A t 



CREF(AG)-Apr 61-MAT-66015D 



hscnCi;'-' ;i 




24 5 FRI tDMANNI 

1 III 1 
1 1 II 


1 


P G S 1 3 

1 1 

1 1 II 


R4 

1 

1 


Rfc.MP NS A T E 

III 1 

VCt 6 NO 

II II 1 II 


CH JOURNAL 

1 

II 


ir’.-' A r»" 

' .K . m ■ /\ . c 




DESTRUCTION 


1 


1 


1 1 




1 




1 


1 




1 1 


1 


1 





'In^’Ajrt^on 


1 












1 




1 1 


1 1 




| II 0"> . 




. 'v (jiHcgr) | | 






1 




1 1 II 




1 


1 


1 


1 1 


1 




- VI/ nr. pa 


iio i 






1 1 1 


1 



I 



II 



I I 



I 



I 



I 



REF ID : A62856 



CONF I DENTIAL 

An Introduction to Cryptology -I 

BY WILLIAM F. FRIEDMAN 



Confidential 



The first of senes of lectures prepared by Mr. Fnedman for delivery to an audience 
assumed to be totally unfamiliar with the subject. 



The objective of tbls series of lectures is to create an awareness of 
the background, development, and manner of employment of a science 
that is the basis of a vital military offensive and defensive weapon known 
as cryptology, a word that comes from the Greek kryptos, meaning 
secret or hidden, plus logos, meaning knowledge or learning. Cryptology will 
be specifically defined a little later; at the moment, however. Pm sure 
you know that it has to do with secret communications. 

Let me say at the outset of these lectures that I may from time to time 
touch upon matters which are perhaps essentially peripheral or even ir- 
relevant to the main issues, and if a defense is needed for such occasional 
browsing along the by-ways of the subject, it will be that long preoccupa- 
tion with any field of knowledge begets a curiosity the satisfaction of which 
is what distinguishes the dedicated professional from the person who 
merely works Just to gain a livelihood in whatever field he happens to find 
himself a job. That’s not much fun, I’m afraid. By the way. a British 
writer, James Agate, defines a professional as the man who can do his job 
even when he doesn’t feel like doing it; an amateur, as a man who can’t 
do his job even when he does feel like doing it. This is pretty tough on the 
gifted amateur and 1 for one won’t go all the way with Agate’s definition. 
There are plenty of instances where gifted amateurs have done and dis- 
covered thlngB to the chagrin and red-f&cedneas of the professionals. 

Coming back now to the main thoroughfare after the foregoing brief 
jaunt along a by-way, 1 may well begin by telling you that the science of 
cryptology has not always been regarded as a vital military offensive and 
defensive weapon, or even as a weapon in the first place. Here I am re- 
minded of a story In a very old book on cryptography. The story is prob- 
ably apocryphal, but it’s a bit amusing, and I give it for what it’s worth. 

It seems that about two thousand years ago there lived a Persian queen 
named Semiramls, who took an active Interest in cryptology. She was in 
some respects an extraordinarily unpleasant woman and we learn without 
surprise that she met with an untimely death. She left behind her instruc- 
tions that her earthly remains were to be placed in a golden sarcophagus 
within an imposing mausoleum, on the outside of which, on its front stone 
wall, there was to be graven a message, saying: 



1 



CONriDCNT I A I: 



REF ID:A62856 

CONriDCHT I A fc- AN INTRODUCTION TO CRYPTOLOGY -i 



Stay, weary traveller! 

If thou art footsore, hungry, or In need of money — 

Unlock the riddle of the cipher graven below. 

And thou wilt be led to riches beyond all dreams of avarice! 

Below thin curious Inscription was a cryptogram, a Jumble of letters 
without meaning or even pronounceablllty. For several hundred years the 
possibility of sudden wealth served as a lure to many expertB who tried 
very hard to decipher the cryptogram. They were all without success, 
until one day there appeared on the scene a long-haired, be-whlskered. 
and bespectacled savant who, after working at the project for a con- 
siderable length of time, solved the cipher, which gave him detailed 
Instructions for finding a secret entry into the tomb. When he got 
Inside, he found an instruction to open the sarcophagus, but he had to 
solve several more cryptograms the last one of which may have Involved 
finding the correct combination to a 5-tumbler combination lock — who 
knows? Well, he solved that one too, after a lot of work, and this enabled 
him to open the sarcophagus, inside which he found a box. In the box was 
a message, this time In plain language, and this is what It said: 

O, thou vile and Insatiable monster! To disturb these poor bones! 

If thou hadst learned something more useful than the art of 
1 deciphering, 

Thou wouldst not be footsore, hungry, or in need of money! 

*■ r 

I'm frank to confess that many times during my 40-year preoccupation 
with cryptology, and generally near the middle and the end of each month, 
I felt that good old Queen Semlramls knew what she was talking about. 
However, earning money is only a part of the recompense for working in 
the cryptologic field, and I hope that most of you will find out sooner or 
later what some of these other recompenses are, and what they can mean 
to you, 

H Queen Semlramls thought there are other things to learn that are 
more useful than the art of deciphering. I suppose we’d have to agree, 
but we are warranted In saying, at least, that there isn’t any question 
about the Importance of the role that cryptology plays In modern times: 
all of us are Influenced and affected by It, as I hope to show you in a few 
minutes. 

I shall begin by reading from a source which you’ll all recognize — 
Time , the issue of 17 December 1945. - 1 will preface the reading by re- 
minding you that by that date World War n was all over — or. at least 
V-E and V-J days had been celebrated some months before. Some of you 
may be old enough to remember very clearly the loud clamor on the part 
of certain vociferous members of Congress, who had for years been In- 



CONF I DENTIAL 



REF ID : A62856 

W. F. FRIEDMAN 



slating upon learning the reasons why we had been caught by surprise In 
such a disastrous defeat as the Japanese had inflicted upon us at Pearl 
Harbor. This clamor had to be met, for these Congressmen contended 
that the truth could no longer be hushed up or held back because of an 
alleged continuing need for military secrecy, as claimed by the Adminis- 
tration and by many Democratic senators and representatives. The war 
was over — wasn't it? — Republican senators and representatives in- 
sisted. There had been investigations— a half dozen of them— but all ex- 
cept one were Top Secret. The Republicans wanted— and at last they got 
what they desired— a grand finale Joint Congressional Investigation which 
would all be completely open to the public. No more secrets! It was spec- 
tacular. Not only did the Congressional Inquiry bring into the open every 
detail and exhibit uncovered by Its own lengthy hearings, but It also dis- 
closed to America and to the whole world everything that had been said 
and shown at all the previous Army and Navy investigations. Most of the 
Information that was thus disclosed had been, and much of It still was 
Top Secret ; yet all of these precious secrets became matters of public 
Information as a result of the Congressional Investigation. 

There came a day In the Congressional Hearings when the Chief of 
Staff of the United States Army at the time of the Pearl Harbor Attack. 
5-star General George C. Marshall, was called to the witness stand. He 
testified for several long, long days, eight of them in all. Toward the end 
of the second day of his ordeal he was questioned about a letter It had 
been rumored he'd written to Governor Dewey in the Autumn of 1944, 
during the Presidential Campaign. The letter was about codes. With 
frozen face. General Marshall balked at disclosing the whole letter. He 
pleaded most earnestly with the Committee not to force him to disclose 
certain of Its contents, but to no avail. He had to bow to the will of the 
majority of the Committee. I shall now read from Time a bit of information 
which may be new to many of my listeners, especially to those who were 
too* young in December 1945 to be delving into periodical literature or to 
be reading any pages of the dally newspaper other than those on which the 
comics appear. 

Said Time , and I quote: 

*‘U S citizens discovered last week that perhaps their most potent 
secret weapon of World War II was not radar, not the VT fuse, not the 
atom bomb, but a harmless little machine which cryptographers had pain- 
stakingly constructed in a hidden room in Washington With this machine, 
built after years of trial and error, of inference and deduction, crypto- 
graphers had duplicated the decoding devices used in Tokyo Testimony 
N before the Pearl Harbor Committee had already shown that the machine, 
s known as 'Magic' was in uBe long before December 7, 1941, and had . 
given ample warning of the Japs' sneak attack, if only U S. brass hats had 
been smart enough to realize it Now, General Marshall continued the 
story of 'Magic’e’ magic ' 

f \ / 



REF ID : A62856 

AN INTRODUCTION TO CRYPTOLOGY - 1 





1 ‘It had enabled a relatively small U.S Force to intercept a Jap 
invasion fleet, win a decisive victory in the Battle of the Coral Sea, thus 
saving Australia and New Zealand. 

3. ‘It had directed U.S. submarines unerringly to the sea lanes where 
Japanese convoys would be passing. 

2. ‘It had given the U S full advance information on the size of the Jap 
forces advancing on Midway, enabled our Navy to concentrate ships 
which otherwise might have been 3, (XX) miles away, thus set up an ambush 
which proved to be the turning-point victory of the Pacific war 

4. ‘By decoding messages from Japan's Ambassador Oshima in Berlin, 

often reporting interviews with Hitler, it had given onr forces invaluable 
information on German war plans’.** ■ 

Time goes on to give more details of that story, to which I may later re- 
turn but I can’t leave this citation of what cryptology did toward our win- 
ning of World War n without telling you that the account given by Time of 
the achievements of Magic makes it appear that all the secret intelligence 
gained from our reading Japanese messages was obtained by using that 
“harmless little machine” which Time said was used in Tokyo by the 
Japanese Foreign Office. I must correct that error by explaining first 
that Magic was not the name of the machine but a term used to describe 
the Intelligence material to which the machine, among other sources, 
contributes and then by telling you that the secret Information we ob- 
tained that way had little to do with those portions of the Magic material 
which enabled our Navy to win such spectacular battles as -those of the 
Coral Sea and Midway, and to waylay Japanese convoys. The naval parts 
of Magic were nearly all obtained from Japanese naval messages by our 
own very ingenious U.S. Navy cryptanalysts. At that time, I may tell those 
of you who are new, the Army and Navy had separate but cooperating 
cryptologic agencies and activities ; the United States Air Force was not yet 
In existence as an autonomous and separate component of the Armed 
Forces, and work on Japanese, German, and Italian air-force communica- 
tions was done by Army cryptanalysts, admirably assisted by personnel of 
what was then known as the Army Air Corps. 

It Is hardly necessary to tell you how carefully the Magic of World 
War n was guarded before, during, and after the war until the Congres- 
sional Inquiry brought most of It out In the open. Some remaining parts of it 
are still very carefully guarded. Even the fact of the existence of Magic 
was known to only a very few persons at the time of Pearl Harbor — and 
that Is an Important element In any attempt to explain why we were caught 
by surprise by the Japanese at Pearl Harbor in a devastating attack that 
crippled our Navy for many months. Let me read a bit from page 261 of 
the Report of the Majority of the Joint Congressional Investigation of 
the attack: 




4 



REF ID:A62856 

ff F FRIEDMAN 



CONr i DCNTIA f 



"The Magic intelligence was pre-eminently important and the neces- 
sity for keeping it confidential cannot be overestimated However, so 
closely held and top secret was this intelligence that it appears that 
the fact that the Japanese codes had been broken was regarded as of 
more importance than the information obtained from decoded traffic." 



Time says, in connection with this phase of the story of Magic during 
World War n 

“So priceless a possession was Magic that the U S high command 
lived m constant fear that the Japs would discover the secret, change 
their code machinery, force V S cryptographers to start all over again " 

Now I don’t want to over- emphasize the importance of communications 
intelligence m World War IL but I think it warranted to read a bit more of 
what is said about its importance in the Report of the Majority. The 
following is from p. 232* 



“ all witnesses familiar with Magic material throughout the war 
have testified that it contributed enormously to the defeat of the enemy, 
greatly shortened the war, and saved many thousands of lives." 



General Chamberlin, who was General MacArthur’s operations officer, 
or G-3, throughout the war in the Pacific, has written: “The information 
G-2, that is, the intelligence staff, gave me in the Pacific Theater alone 
saved us many thousands of lives and shortened the war by no less than 
two years.” We can’t put a dollars- and- cents value on what our posses- 
sion of comin r meant in the way of saving liveB, but we can make a 
dollars- and- cents estimate of what communications intelligence meant by 
shortening the war by two years, and the result of that estimate is that it 
appears that $1.00 spent for that , sort of intelligence was worth $1,000 
spent for other military activities and materials 

In short, when our commanders had that kind of intelligence in World 
War U they were able to put what small forces they had at the right place, 
at the right time. But when they didn’t have it — and this happened, too, — 
their forces often took a beating. Later on we’ll note instances of each 
type. 

I hope I’ve not tried your patience by such a lengthy preface to the 
real substance of this series of lectures, let’s get down to brass tacks. 
For those of you who come to the subject of cryptology for the first time, 
a few definitions will be useful, in order that what 1 shall be talking about 
may be understood without question. Agreement on basic terminology is 
always desirable in tackling any new subject. In giving you the defini- 
tions there may be a bit of repetition because we shall be looking at the 
same terms from somewhat different angles. 



5 



GONr i DCNT I / rtr 



REF ID : A62856 

AN INTRODUCTION TO CRYPTOLOGY - 1 




First, then, what is cryptology? Briefly, we may define it as the 
doctrine, theory, or branch of knowledge which treats of hidden, dis- 
guised. or secret communications. You won't find the word in a small 
dictionary. Even Webster’s Unabridged defines it merely as “secret or 
enigmatical language", and in its “Addenda Section", which presumably 
contains new or recently-coined words, it is defined merely as “the 
study of cryptography". Neither of these definitions is broad or specific 
enough for those who are going to delve somewhat deeply into this science. 

Cryptology has two main branches; the first is cryptography, or, very 
briefly, the science of preparing secret communications, and the second 
is cryptanalysis, or the science of solving secret communications. Let's 
take up cryptography first, because as a procedure it logically precedes 
cryptanalysis: before solving anything there must be something to solve. 

Cryptography is that branch of cryptology which deals with the various 
means, methods, devices, and machines for converting messages in 
ordinary, or what we call plain language, into secret language, or what we 
call cryptograms. Here’s a picture of one of the most famous crypto- 
grams in history. It was the solution of this cryptogram which resulted in 
bringing America into World War 1 on the side of the Allies on 6 April 



■hill 




GEPMM* LEGirlC* 
MEXICO CI*Y 



13C 


13042 


134C 


0 r «Cl 


115 3528 416 


17214 


6491 


11310 


1014" 


18222 


21*5*0 


1 3247 


11518 


23677 


13605 


3494 


14936 


dC 92 


59C5 


11311 


ll 392 


10371 


0302 


21290 


5162 


39693 


3 B " 


1-5C4 


112"° 


182"* 


18101 


0217 


C228 


17694 


4473 


*22e« 


22200 


1°4 e 2 


21589 


67893 


5**89 


13918 


8958 


12237 


1233 


4725 


4452 


59(5 17158 13851 4458 17149 14471 0708 


138 b 1 


2224 


*629 


14991 


7382 


1585" 


57893 


14218 


38477 




1— ■ ’ 


'"l ■* 


5°"C 


5454 


16 C2 


162' 7 


22801 


171S8 


If Ci 


-3-t! 


7 iff 


a'esa 


1B2&2 


(-719 


14331 


15081 


88845 


M 


Z—hg 


220 Jt 


2 1604 


4-97 


94 r 


224e 


20853 


4377 


2V f 


1B14C 


2«»2*C 


59C6 


13347 


20420 


39689 


13732 


80607 


<**« 


6£~- 


'85 


522*2 


134C 


22040 


13339 


11265 


22295 


1C 439 


14014 


4178 


f 992 


8784 


7632 7357 8928 52282 11-87 


211 0 


21272 


9342 


955» 


2*. 4*4 


15874 


1B502 


18500 


18887 


218(5 


53"* 


"381 


98092 


£5127 


13486 


9350 9280 78088 14818 


5144 


2831 


179 a* 


11347 


17142 


11264 


7887 


7768 


LS988 8188 


10462 


67552 


35C9 


367C 













BEPfcSTCm - 



Cberpe Gen an 

Fig 1 - The Zimmerman Telegram 




6 



REF ID:A62856 

ff F FRIEDMAN CONflDCNTIA Ir 



1917, just about six weeks after it was solved. 1*11 tell you about it later in 
this series. 

Cryptography also includes the business of reconverting the crypto- 
grams into their original plain- language form, by a direct reversal of the 
steps followed in the original transformation. This implies that the 
persons involved in both of these bits of business, those at the enciphering 
and sending end, and those at the receiving and deciphering end, have 
an understanding as to what procedures, devices, and so on, will be used 
and exactly how — down to the very last detail. The what and the how of the 
business constitutes what is generally referred to as the key . The key may 
consist of a set of rules, alphabets, procedures, and so on; it may also 
consist of an ordinary book which is used as a source of keys; or it may 
be a specialized book, called a code book That cryptogram I just showed 
you was made by using a book — a German codebook. 

To encrypt, is to convert or transform a plain-text message into a 
cryptogram by following certain rules , steps , or processes constituting the 
key or keys and agreed upon in advance by the correspondents, or fur- 
nished them by higher authority. 

To decrypt is to reconvert or to transform a cryptogram into the 
original equivalent plain-text message by a direct reversal of the 
encrypting process that is, by applying to the cryptogram the key or keys, 
usually in a reverse order, employed in producing it. 

A person who encrypts and decrypts messages by having in his posses- 
sion the necessary keys, is called a cryptographer, or a cryptographic clerk. 

Encrypting and decrypting are accomplished by means collectively 
designated as codesand ciphers. Such means are used for either or both of 
two purposes (1) secrecy, and (2) economy. Secrecy usually is far more 
important in diplomatic and military cryptography than economy, but it 
is possible to combine secrecy and economy in a single system. Persons 
technically unacquainted with cryptology often talk about “cipher codes”, 
a term which I suppose came into use to differentiate the term “code” as 
used in cryptology from the same term as used in other connotations, as, 
for example, the Napoleonic Code, a traffic code, a building code, a code 
of ethics, and so on. Now, in cryptology, there is no such thing as a 
“cipher code”. There are codes and there are ciphers, and we might as 
well learn right off the differences between them, so that we get them 
straightened out m our minds before proceeding further. 

In ciphers, or in cipher systems, cryptograms are produced by apply- 
ing the cryptographic treatment to Individual letters of the plain-text 
messages, whereas, in codes, or in code systems, cryptograms are 
produced by applying the cryptographic treatment generally to entire 
words, phrases, and sentences of the plain-text messages. More spe- 
cialized meanings of the terms will be explained in detail later, but in a 
moment I’ll show you an example of a cryptogram in cipher and one in code. 



7 



CONriDCNT I A tr 



REF ID : A62856 

AN INTRODUCTION TO CRYPTOLOGY - I 



A cryptogram produced by means of a cipher system is said to be in 
cipher and is called a cipher message, or sometimes, simply a cipher The 
act or operation of encrypting a cipher piessageis called en< iphenng, and 
the enciphered version of the plain text, as well as the act or process it- 
self, is often referred to as the encipherment. A cryptographic clerk who 
performs the process serves as an encipherer. The corresponding terms 
applicable to decrypting cipher messages are deciphering, decipherment, 
decipherer. 

A cryptogram produced by means of a code system is said to be tn 
code , and is called a code message The text of the cryptogram is referred 
to tus code text This act or operation of encrypting is called encoding, and. 
the encoded version of the plain text, as well as the act or process itself, 
is referred to as the encodement The clerk who performs the process 
serves as on encoder The corresponding terms applicable to the decrypting 
of code messages are decoding, decodement, and decoder. A clerk who en- 
codes and decodes messages by having in his possession the pertinent 
code books is called a code clerk. 

Technically, there are only two distinctly different types of treatment 
which may be applied to written plain text to convert it into a cipher, 
yielding two different classes of ciphers. In the first, called transposition, 
the letters of the plain text retain their original identities and merely 
undergo some change in the relative positions, with the result that the 
original text becomes unintelligible. Here’s an authentic example of a 
transposition cipher, I call it authentic because it was sent to President 



Fig 2 




8 




REF ID : A62856 

W. F. FRIEDMAN C ON FIDE N TI AL 

Roosevelt and the Secret Service asked me to decipher It. Imagine my 
chagrin when I had to report that It says “Did you ever bite a lemon?” 
In the second, called substitution , the letters of the plain text retain their 
original relative positions, but are replaced by other letters with different 
sound values, or by symbols of some sort, so that the original text 
becomes unintelligible. 

Nobody will quarrel with you very hard If you wish to say that a code 

system Is nothing but a specialised 
form of substitution; but It's best 
to use the word “code" when a code 



RUMRICH SPY CASE 

(GUENTHER GUSTAVE RUMRICH ET -AL) 



PHOTOGRAPHIC COPT OF THE CIPHER 
WITH THE GEHMAN AND ENGLISH 
DECIPHERING INTERLINED 

■ 'fj.-t — *-H t"t- 



LIEBE J ENNIE NACH MISS MOOQ 
DEAR JENNIE PLEASE 00 TO MISS MOOR 






GEH BITTE AM ABFAHRTSTAG ZWlSGHEN 
ON THE OAT OP DEPARTURE BETWEEN 



3- 9 UHR DANN 1ST DER DOKTOR NIGHT 
3 - 5 O’CLOCK THEN THE DOCTOR WILL NOT BE 

-"sz'ip y 



DA DER SOLL VON DER SACHE NIGHTS 

HE IS NOT TO KNOW ANYTHING. ABOUT 77* 



t-liir 



Wl SSEN DEI N KARL 
MATTER YOUR KARL 




Ml « 

r*rt i ii t h- 
f— jr t m 

w m n 
I »M -I 

*■ 

a*!* i-imj 
I-My 

smuaPdL 



Fig. 3 



book is Involved, and to use “sub- 
stitution cipher" when a literal sys- 
tem of substitution is ued. 

It Is possible to encrypt a mes- 
sage by a substitution method and 
then to apply a transposition method 
to the substitution text, or vice 
versa. Combined traspositlon-sub- 
stliutlon ciphers do not form a third 
class of ciphers; they are only oc- 
casionally encountered In military 
cryptography. Applying a cipher to 
oode groups Is a very frequently 
used procedure and we'll see cases 
of that too. 

Here’s an example of a substitu- 
tion cipher, and a very simple one. 
It was found on a German spy in 
World War n. Here's the cipher 
alphabet; here's the plain text which 
happened to be In German; and here’s 



the cipher text or encipherment. 

Now for an example of a cryptogram In code. On the following page 
Is a plain-text message In the handwriting of President Wilson, to his 
special emissary In London, Colonel House. Also contained on the 
next page Is the cryptogram after the plain text was encoded by Mrs. 

-Wilson. The President then himself typed out the final message on his 
own typewriter, for transmission by the Department of State. It would 
appear that President Wilson lacked confidence In the security of the 
Department of State’s methods — and maybe with good reason, as may be 
seen In the following extract from a letter dated 14 September 1914 
from the President to Ambassador Page In London: “We have for some 
time been trying to traca the leaks, for they have occurred frequently, 
and we are now convinced that our code Is In possession of persons at 



9 



: AN INTRODUCTION TO CRYPTOLOGY - I 



tut ^ 0tm*r 

StArvnj£ CfiXs 

^ ■&- 

S 2 fSf' cj*£& "rf* 



#■ v t 

4 ^ £—nui*i- <u jC~*r-£- 

^t4-£ d w a <» «w Mb. 

^ hyfrr 

tfl* <- ^/us*S— »/ 

^ 1 
4*-- J«u^A<vc^ 



3 J0o'g~-33iJl —3/100- 

(' 7 c ?o(, - SZot+o - 2 Zff+-£l</ *■/ 

I ijji.- 'Xj>tfi\-Lro'l*.-3' , fr 0 +-7’2blo 
Jo***'- 6 ? 6/3 

yfr 3 4-a -2***3 -tez//-/?Yo Z 

Jf 7/ ^ -Z*w*ii.o -lCM-Ufe>Y-4?/33 

i »**.-//« *»- «/y -***-»*« 
J * 4 4 6 -/;ro 3 -m^* /zo -* M3 ° 
2 zua-m *<’ 'V/■ ^ i' - * // ■ ^ • <i, ~ ? e, ° * 



intermediary points. We are going to take thoroughgoing measures.” | 
Perhaps one of the measures was that the President got himself a code of 
his own. I must follow this up some day. 

A cipher device is a relatively simple mechanical contrivance for 
encipherment and decipherment, usually “hand-operated”, or manipulated 
by the fingers, as for example, a device with concentric rings of alphabets, 
manually powered. On the next page is an example — a cipher device with 
such rings. I’ll tell you about it later. A cipher machine is a relatively 
complex apparatus or mechanism for encipherment and decipherment, 
usually equipped with a typewriter keyboard and generally requiring an 
external power source. Modern cryptology, following the trend in mech- 
anization and automation in other fields, now deals largely with cipher 
machines, some highly complicated. Also pictured on next page is a 
modern cipher machine with keyboard and printing mechanism. 

One of the expressions which uniformed laymen use, but which you 
must never use. Is “Me German code”, or “Me Japanese code”, or 
"the Navy cipher”, and the like. When you hear this sort of expression 
you may put the speaker down at once as a novice. There are literally 
hundreds of different codes and ciphers in simultaneous use by every 
large and important government or service, each suited to a special 
purpose, or where there is a multiplicity of systems of the same general 
nature, the object is to prevent a great deal of traffic being encrypted in 
the same key, thus overloading the system and making it vulnerable to 



CONFIDENT I AL— 



10 






REF ID : A62856 

CONFIDENTIAL AN INTRODUCTION TO CRYPTOLOGY - I 



attack by methods and procedures to be mentioned m broad terms 
In a few moments. 

The need for secrecy in the conduct of Important affairs has been 
recognized from time immemorial. In the case of diplomacy and organized 
warfare this need is especially important in regard to communications. 
However, when such communications are transmitted by electrical means 
they can be heard or, as we say, intercepted, and copied by unauthorized 
persons, usually referred to collectively as the enemy. The protection 
resulting from all measures designed to deny to the enemy information of 
value which may be derived from the interception and study of such 
communications is called communication security, or, for short, comsec . 

In theory, any cryptosystem except one, to be discussed in due time, 
can be attacked and “broken”, i.e., solved, if enough time, labor, and 
skill are devoted to it. and if the volume of traffic in that system is 
large enough. This can be done even if the general system and the 
specific key are unknown at the start. You will remember that I prefaced 
my statement that any cryptosystem can be solved by saying "in theory,’' 
because in military operations theoretical rules usually give way to prac- 
tical considerations. 

That branch of cryptology which deals with the principles, methods, 
and means employed in the solution or analysis of cryptosystems is called 
cry ptanaly tics. The steps and operations performed in applying the principles 
of cryptanalytics constitute cryptanalysis To cryptanalyze a cryptogram is to 
solve it by cryptanalysis. A person skilled in the art of cryptanalysis is 
called a cryptanalyst, and a clerk who assists in such work is called a 
cryptanalytic clerk. 

Information derived from the organized interception, study, and 
analysis of the enemy’s communications is called communication intelligence, 
or., for short, comint Let us take careful note that comini and comsfc 
deal with communications. Although no phenomenon is more familiar to 
us than that of communication, the fact of the matter is that this magic 
word means many things to many people. A definition of communication 
that is broad enough for our purposes would be that communication deals 
with intelligent messages exchanged between intelligent beings. This implies 
that human beings, and human operators are involved m the preparation, 
encryption, transmission, reception, decryption, and recording of mes- 
sages which at some stage or stages are in written form and in some 
stage or stages are in electrical form as signals of one sort or another 
But in recent years there have come into prominence and importance 
electrical signals which are not of the sort I’ve just indicated. They do 
not carry “messages” in the usual sense of the word, they do not convey 
from one human being to another an intelligible sequence of worfis and an 
intelligible sense. I refer here to electrical or electronic signals such 
as are employed in homing or directional beacons, in radar, in tele- 



CONFlDCNT Ift t 



12 



REF ID:A62856 

W F. FRIEDMAN CONriDCHTlA b 



metering or recording data of an electrical or electronic nature at a 
distance, and soon. Information obtained from a study of enemy electronic 
emissions of these sorts is called electronic intelligence, or, for short, 
elint The particular or specialized study of enemy radar signals is 
called radint All these, comint, elint, radint comprise sigint, that is, 
signal intelligence . Cryptology is the science which is concerned with all 
these branches of secret signalling. 

In this series of lectures we shall be concerned only with comsec and 
comint, leaving for others and for other times the subjects of elint, 
radint, and so on. This means that we shall deal with communications or 
messages 

Communication may be conducted by any means susceptible of ultimate 
interpretation by one of the five senses, but those most commonly used 
are seeing and hearing. Aside from the use of simple visual and auditory 
signals for communication over relatively short distances, the usual 
method of communication between or among individuals separated from 
another by relatively long distances involves, at one stage or another, the 
act of writing or of speaking over a telephone. 

Privacy or secrecy in communication by telephone can be obtained by 
using equipment which affects the electrical currents Involved in telephony, 
so that the conversations can be understood only by persons provided 
with suitable equipment properly arranged for the purpose. The same thing 
is true in the case of facsimile transmission (i.e.. the electrical trans- 
mission of ordinary writing, pictures, drawings, maps). Even today there 
are already simple forms of enciphered television transmissions. En- 
ciphered facsimile is called cifax, enciphered telephony, cipiiony, and 
enciphered television, civision. However, these lectures will not deal 
with these electrically and cryptanalytically more complex forms of 
cryptology We shall stick to enciphered or encrypted writing — which will 
be hard enough for most of us. 

Writing may be either visible or invisible. In the former, the char- 
acters are inscribed with ordinary writing materials andean be seen with 
the naked eye; in the latter, the characters are inscribed by means or 
methods which make the writing invisible to the naked eye. Invisible 
writing can be prepared with certain chemicals called sympathetic or 
secret inks, and in order to “develop” such writing, that Is, make it 
visible, special processes must usually be applied. Shown on the next 
page is an interesting example — the developed secret-ink message that 
figured in an $80,000,000 suit won by two American firms against the 
German Government after World War I sabotage was proved. There are 
also methods of producing writing which is invisible to the naked eye 
I because the characters are of microscopic size, thus requiring special 
microscopic and photographic apparatus to enlarge such writing enough to 



13 



COHriPCNT I A t: 



REF ID : A62856 

AN INTRODUCTION TO CRYPTOLOGY - 1 




Fig. 8 



conrincmw — 



14 






















REF ID:A62856 



W. F. FRIEDMAN 



CONFIDENT I AL 



rt 



*raV^, 

— r M 

Vmafltowt 



*,£■••* •• '• 
»* v 






■■^•.^W'ui 



♦**1 " ■I » 



make It visible to the naked eye. 
Here’s an example — a code message 
-in a space not much larger than the 
t " ZlZ “ i.~ : j_\, head of a pin. A simple definition of 

^ZC2~: secret writing would be to say that 

* L it comprises invisible writing and 



•• - 



aB4-m.blw%.Mi<n^ar ' 



v - V 

*• - -* ** 






m kasaaa mf 'em »>i 



*»“*» +■•+ ■»*■**■• EV**"" *y 
— «*taa^>e. 






•r- • 



_1“ „ unintelligible visible writing. 

There is one additional piece of 
* •?*£ basic Information which It Is 'wise 
to call to your attention before we 
proceed much further, and Tllbegln 
by stating that the greatest and the 
most powerful Instrument or weapon 
ever forged and improved by manln 



V » ^ . 1 

- «ifc «- » 

_ ». «« ' *-»x * . 

TZZ.Z ZZZ . Z TT . - -*V- -*■ ~ 

1 7» 11 ' ****** W 


zzzz£z?rzi — 1 

*i. 



«M r »f9f4ia 



wiaiy pHi iw«»- 



m 4 m Mika 






IMiaAn^aAnH 9 — hit* 
» Ivn 

7** at'fX)*) 



- f r — •'k — 
hMayawmwMM^M* 

•*■**«. 



m i ^* V k4*ahfr»«Mi« 






WV«^a»a M a riHf 






~r2SL'3Srr , rt , "- 1 ZZZZZ' i^ 8 lon 8 Struggle far emancipation 

from utter dependence upon his own 
environment is the weapon of lit- 
eracy— a mastery of reading and 
writing; and the most important 
Invention, the one that made the 
weapon of literacy practical, was the 
invention of the alphabet It Is there- 
fore a rattier striking anomaly that 
we should now come to the study 
*^"' , **“*^" 1 H*Mi *• ~onf — , J of another weapon— a counter-weap- 

on to the weapon of literacy — the 
weapon of secrecy, the basic Intent of 
which is to thwart the weapon that 
man struggled so long to forge. 
‘Secrecy is applied to make writing 
more difficult and the reading of 
of the writing very difficult, if 
not Impossible. v_ 

Perhaps this Is a good place to 
do a bit of theorizing about this matter of secrecy and what It implies. 

Every person who enciphers a piece of writing, a message, or a text 
of any kind, for the purpose of hiding something or of keeping something 
secret, does so with the idea that some other person, removed from him 
in distance, or time, or both. Is intended to decipher the writing or 
message and thus uncover the secret which was so bidden. A person 
may possess a certain piece of knowledge which he does not wish to 
forget, but which he’ is nevertheless unwilling to commit to open writing, 
and therefore he may jot it down in cryptic form for himself to decipher 
later, when or if the Information is needed. The most widely known 



' -_i jUmiuLe » U*-i Xlm ■ 

/tf Jill* viln iiii|m , .ihI ( 

fib. s 




15 



REF ID : A62856 

i 

CONflDCHTIAfc- AN INTRODUCTION TO CRYPTOLOGY - 1 



example of such a cryptogram is 
found in Edgar Allan Poe’s romantic 
tale The Gold Bug. That sort of 
usage of cryptography, however, is 
unusual. There are also examples 
of the use of cipher writing to 
establish priority of discovery, as 
did the astronomers Galileo and 
Huygens. Here's a picture which 
shows both examples. I suppose I 
should at least mention another 
sort at cryptic writing famous in 
literary history, the diaries of per- 
sons such as Samuel Pepys and 
William Byrd. These are commonly 
regarded as being "in cipher", but 
they were actually written in a more 
or less private shorthand and can 
easily be read without the help of 
cryptanalysis. On the next page is 
a page of Pepys diary. 

Now there can be no logical 
reason, point, or purpose in taking 
the time and trouble to encipher anything unless it is expected that some 
other person is to decipher the cipher some time in the future. This 
means that there must exist same very direct, clear-cut and unambiguous 
relationship between the enciphering and deciphering operations. Just 
what such a relationship Involves will be dealt with later, but at this 
moment all that it is necessary to say is that in enciphering there must 
be rules that govern or control the operations, that these rules must 
admit of no uncertainty or ambiguity, and that they must be susceptible 
of being applied with undevlatlng precision, since otherwise it will be 
difficult or perhaps impossible for the decipherer to obtain the correct 
answer when he reverses the processes or steps followed in the encipher- 
ment. This may be a good place to point out that a valid or authentic 
cryptanalytlc solution cannot be considered as being merely what the 
cryptanalyst twnks or says he thinks the cryptogram means, nor does the 
solution represent an opinion of the cryptanalyst. Solutions are valid only 
insofar as they are objective and susceptible of demonstration or proof 
employing scientifically acceptable methods or procedures. It should 
hardly be necessary to indicate that the validity of the results achieved 
by cryptanalytlc studies of authentic cryptograms rests upon the same 
sure and well-established scientific foundations, and is reached by the 
same sort of logic as are the discoveries, results, or "answers" 



It Is tla for ss to disclose the esUiod of 
reading the letters ehloh aom soaks since x sent 

n as an nnng-na. It Is tins not, i mu, after 
its bacon quits certain about the totter, as 
ssoh so that 1 hate no longer oven a shades of 

*"***« nerds stitch I asst oltb tnslr loiters 
transposed, and nbloh said. 

Hum laUura a m hi frustis legimtur. e y 
non reduced to, their proper order, read thus. 
CyitUlae figures asmilatur aster asorus 
The Bother of the Loves rivals the ptaus of 
Cynthia that la. ' 

/aaus 1 alleles Uie phases of the Moon ■ 



and this Is that very hypothesis which. In 
Ilia year MM, on the 88th day of torch, X put forth 
In eenruaed letters together el lb nor observation an 



nnnppqrrsttlttuuuuu, which, being 
restored to their proper places , signify the roilew* 
log 

Annuls etngltar. tenul, piano, niueoia 
cohaaiwnto, ed oellptlcas incline to * 

(It Is encircled by a ring, thin plana, 
nowhere attached. Inclined to the ocllptla J 



FIs. 10 



CONFIDENTIAL 



16 



REF ID : A62856 

W. F. FRIEDMAN "© 



Cf . 

• ; — i a- ». r /> f- - / n, J s 

'• * - ' 1 ► v 4 »- ' ’ \ J ) s 4 - v «- 

/-i ^ y / ^ > *■ ••’A Z 1 jw 0 ^ 

1 l-f 1 / A"* lAyJr / • * i' *» * y / f ft ~0 

•> vr- r*“ nr" • ' */ /I ^ ^ -<•••*• /vj ^ 

, r *• ' '* '- -'*■ •" >/ J / l /.« 



' *• /. »• JJ / l /ft 

A ^ . «/»> Ifl yi , ~ r , 

/ A// *•/(. i ^ - -• vt‘ t i‘ 



- -t i) J 



✓ - 
i 2 * ' 



% . «/ « t ■* - &* lU - ^ i J 

> ( *■ 






/ r / 

i- l; , » / r - 1/ - J- 

-• / -I*- / r' y * C* - 



w _ 4 i 






, i, ^ s ^ ~ 

1 4 1 / I"* / 1 -A/ J- ’ ^ <« i» //.■»••• 

~ ' / J -V *■ »- ’ ' * & 

- , 3 »■ A - < r •" Y > ■*“- 

. _ (I* r' X A — «Adr-ud>- <— 

>• .' y> > * „ 

, f . , *./ ■> r - - 1 > -*t - ( 

„ J , ^ <1 ? A > *> * - * ' 1 - 

f Z . t f - v ' ^ / r J ' 7 1 

_ . *».» /HaAt^IT l f -*■ / ' " T * ."V * 

' v . ,. 4^_ -V »-V - * ^ 

■‘ 



^ ^ * __ ^ ^r 

^ v » I * r — '-r f r- 
? J 1 ^ A -r * -X * - ' 

f ^ J A f A - ■»■» •* ^ - “ 

V HMf-t ^ *> » 7 ^ ./ ^ 

, /w^ r * ! - ’ ~ ( * ' *r 

t J At "( I ' •v'* * ^ w J V “ " ♦ 





Fig. n 



17 



COMFIDEMTIAfe- 



REF ID : A62856 

CONF I DENTIAL A N INTRODUCTION TO CRYPTOLOGY - I 



achieved by any other scientific studies, namely observation, hypothesis, 
deduction, induction, and confirmatory experiment. Implied in what I 
have just said is the tacitly understood and now rarely explicitly stated 
assumption that two or more, equally competent and, if necessary, 
specially qualified investigators, each working independently upon the 
same material, will achieve Identical or practically identical results. 

Cryptology is usually and properly considered to be a branch of mathe- 
matics, although Francis Bacon considered it also a branch of grammar 
and what we now call linguistics. Mathematical and statistical considera- 
tions play an ever-increasing and prominent role in practical cryptology, 
but don’t let my statement of this point frighten those of you who have not 
had much formal instruction in these subject. We have excellent cryp- 
tologists who have never studied more than arithmetic, and some of our 
best ones would hide if you were to go searching for mathematicians 
around here. What is needed is the ability to reason logically, as the 
mathematician sometimes does, and this ability is found in the most 
curious sorts of persons and places. So those of you who are frightened 
by the words mathematics and statistics take heart — you’re not nearly 
so badly off as you may fear. 

But now to return to the main theme, the place mathematics occupies 
in cryptology, let me say that just as the solution of mathematical prob- 
lems leaves no room for the exercise of divination or other mysterious 
mental or psychic powers, so a valid solution to a cryptogram must 
leave no room for the exercise of such powers. In cryptologic science 
there is one and only one valid solution to a cryptogram, just as there is 
but one correct solution or “solution set” to any problem in mathematics. 
But perhaps I’ve already dwelt on this point too long, in any case, we’ll 
come back to it later, when we come to look at certain types of what we 
may call pseudo-ciphers. 

In the next lecture I’m going to give you a brief glimpse into the 
backgroud or history of cryptology, which makes a long and mteresting 
story that has never been told accurately and in detail. The history of 
communications security, that is, of cryptography, and the history of 
communications Intelligence, that is, of cryptanalysis, which are but 
opposite faces of the same coin, deserve detailed treatment, but I am 
dubious that this sort of history will ever be written because of the curtain 
of secrecy and silence which officially surrounds the whole field of 
cryptology. Authentic information on the background and development of 
these vital matters having to do with the security of a nation is under- 
standably quite sparse. 

But in the succeeding lectures I’ll try my best to give you authentic 
information, and where there’s conjecture or doubt I’ll so indicate. I must 
add, however, that in this series I’m going to have to omit many highly- 
interesting episodes and bits of information, not only because these 



CONFIDENTIA L: 



18 



REF ID:A62856 

W F FRIEDMAN 



CONr i DCNT I A f 



. lectures are of low classification, but also because we won’t and can’t 
(for security considerations, go beyond a certain period in cryptologic 
history. Nevertheless. I hope you won’t be disappointed, and that you’ll 
learn certain things of great interest and importance, things to remember 
if you wish to make cryptology your vocation in life. 




19 



CONriDCHTIA tr 



REF ID:A62856 



CO N r i PCNT I A t 



An Introduction to Cryptology— II 

BY WILLIAM F FRIEDMAN 
Confidential 

In this lecture, the author describes the earliest attempts at crypt- 
ography — from the invention of the art of writing to Bacon's “Bi-literane” 
cipher. 

As I said at the close of the preceding lecture, a bit of history is 
always useful in introducing a subject belonging to a special and not 
too well known field; therefore, I’ll proceed with some historical 
information about cryptology, which, as you learned before, comprises 
two closely related sciences, namely, cryptography and cryptanalysis. 
I will repeat and emphasize that they are but opposite faces of the 
same valuable coin; progress in one inevitably leads to progress in the 
other, and to be efficient in cryptology you must know something 
about each of them. 

Cryptography and cryptanalysis probably go back to the dawn of 
the invention and development of the art of writing itself. In fact, 
there is reason for speculating as to which came first — the invention of 
writing or the invention of cryptography; it’s somewhat like the ques- 
tion as to which came first — the hen or the egg. It is possible that 
some phases of cryptography came before the art of writing had 
advanced very far. 

I’ve mentioned the art of writing. As in the case of other seemingly 
simple questions, such as, “why is grass green?’’, when we are asked to 
define writing we can’t find a very simple answer, j'ust because the 
answer isn’t at all simple. Yet, Breasted, the famous University of 
Chicago historian and Orientalist, once said: “The invention of 
writing and of a convenient system of records on paper has had a 
greater influence in uplifting the human race than any other intel- 
lectual achievement m the career of man.” There has been, in my 
humble opinion, no greater invention in all history. The invention of 
writing formed the real beginning of civilization. As language dis- 
tinguishes man from other animals, so writing distinguishes civilized 
man from barbarian. To put the matter briefly, writing exists only 
in a civilization and a civilization cannot exist without writing. Let 
me remind you that animals and insects do communicate — there’s no 
question about that; but writing is a thing peculiar to and found only 
as a phenomenon in which man and no animal or insect engages, and 
let’s never forget this fact. Mankind lived and functioned for an 



15 



^OHr i DCNT I A t 



REF ID:A62856 

INTRODUCTION TO CRYPTOLOGY 




enormous number of centuries before writing was discovered and there 
is no doubt that writing was preceded by articulate speech for eons — 
but civilization began only when men got the idea of and invented the 
art of writing So far as concerns Western or Occidental civilization, 
writing is in essence, a means of representing the sounds of what we 
call speech or spoken language Other systems of writing were and 
some still are handicapped by trying to represent things and ideas by 
pictures I’m being a bit solemn about this great invention because I 
want to impress upon you what our studies in cryptology are really 



THE MAGIC 

as u ull 1^-- w^now 

U know-- is©? every pre^R) z U a j 

must 

spacious ti**.have ill a o it, here the ^ 

a thoOg who pfter here 

may c jfhen^H as come 2 . a. They c the 

of they could jfuSk ^come, [D they 
kind of Q whose |j?j th^^fa gentle 

■^kg^ness; who know the of the^^J] of ^j- 

4^4 frf who‘^ ^rt new ^pe, new ^age & nu 
ch.g£0^z ^ a whom they come n^>. 

This s soon, nod^, ull c) is ojjlll 
a magic *P-- a litl # hard z find,^L^l z w 
f|f^|j| R |P' £ ” never ||jj^ never reach: the ^^>en^ of 
gracious ^ 



. b<<t 



The 



lii ^ the 



ie we sis^with nearby frijJJ; 

the^'Vj tJL we h<^ C^or wave © ,^7 1 ^ if- fr- 
ab© T^-^thSp f Jj) us a the st/of 



utme. j^«y we £=®nd 

Fig. 1. 




16 



REF ID:A62856 

w p friedman CONr i DCHTIA t- 

intended to do, namely, to defeat the basic or intended purpose of 
that great invention: instead of recording things and ideas for the 
dissemination of knowledge, we want and strive our utmost to prevent 
this aim from being realized, except among our own brethren and under 
certain special circumstances, for the purpose of our mutual security, 
our self-preservation And that’s important. 

Writing is a comparatively new thing in the history of mankind. 
No complete system of writing was used before about 3500 B.C. 

Ordinary writing, the sort of writing you and I use, iB perhaps an 
outgrowth or development of picture writing or rebus writing, which 
I’m sure most of you enjoyed as choldren. A rebus contains features 
of both ordinary and cryptographic writing; you have to “decrypt” 
the significance of some of the symbols, combine single letters with 
syllables, pronounce the word that is represented by pictures, and 
so on. Figure 1 is an example which I have through the courtesy of 
the Bell Telephone Laboratories. See how much of it you can make 
out in half a minute. 

From rebus writing there came in due course alphabetic writing and 
let me say right now that the invention of the alphabet, which ap- 
parently happened only once in the history of mankind, in some 
Middle East Semitic region, m or near the Palestme-Syria area, then 
spread throughout the whole of the European continent, and finally 
throughout most of the world, is Western man’s greatest, most 
important, and most far-reaching invention because it forms the 
foundation of practically all our written and printed knowledge, 
except that in Chinese. The great achievement of the- invention of 
the alphabet was certainly not the creation of the signs or symbols. 
It involved two brilliant ideas. The first was the idea of representing 
merely the sounds of speech by symbols, that is, the idea of what we 
may call phoneticization, the second was the idea of adopting a system 
in which, roughly speaking, each speech Sound is denoted or repre- 
sented by one and only one symbol Simple as these two ideas seem to 
us now, the invention was apparently made, as I’ve said, only once and 
the inventor or inventors of the alphabet deserve to be ranked among 
the greatest benefactors of mankind It made possible the recording of 
the memory of mankind in our libraries, and from that single inven- 
tion have come all past and present alphabets Some of the greatest 
of men’s achievements we are now apt to take for granted; we seldom 
give them any thought The invention of the art of writing and the 
invention of the alphabet are two such achievements and they are 
worth pondering upon. Where would we be without them? Note 
that among living languages Chinese presents special problems not 
only for the cryptologist but also for the Chinese themselves. No 



17 






REF ID : A62856 

■ £OHriDEHTIA b- introduction to cryptology 

Sinologist knows all the 80,000 or so Chinese symbols, and it is also 
far from easy to master merely the 9,000 or so symbols actually 
employed by Chinese scholars How far more simple it is to use only 
20 to 26 symbols' Bemg a monosyllabic language, it seems almost 
hopeless to try to write Chinese by the sort of mechanism used in an 
alphabetic polysyllabic language, attempts along these lines have 
been unsuccessful and the difficulties in memorizing a great many 
Chinese characters account for the fact that even now only about 10 °c 
of the Chinese people can read or write to any significant degree 
The spread of knowledge m China is thereby much hampered 

We find instances of ciphers in the Bible In Jeremiah Chapter 25, 
Verse 26 occurs this expression “And the King of Sheshakh shall 
drink after them ” Also, again in Jeremiah 51 41 “How is Sheshakh 
taken 1 ” W T ell, for perhaps many years that name “Sheshakh” re- 



Jeremlah 



25 : 26 

. and the king of Sheshakh shall drink after 
them." 



jeremlah^51^. |£ eahaJch taken! ... how Is Babylon become 
an astonishment among the nations! 



11 

fti 

■> 

L 

12 



10 0 
I T 

* 



8 

Ch 

ft 



7 

Z 

1 



5 4 
H D 

ft *T 



3 2 1 

G B A 

* 



13 14 15 16 17 18 19 20 21 22 



Sh(e)Sh(a)Kh * BBL - Babel = Babylon 



300 


30 


3 


200 


20 


2 


100 


10 


1 


Sh 


L 


G 


R 


K 


B 


Q 


I 


A 


600 


60 


6 


500 


50 


5 


400 


40 


4 


*M 


S 


V 


*K 


N 


H 


Th 


U 


D 


900 


90 


9 


800 


80 


8 


700 


70 


7 


*Tz 


Tz 


T 


#p ’ 


P 


Ch 


#N 


1 0 


Z 



L— * a,i L_ = 1,10 

C*. D » 4 CH = M,40 



= Q»100 
OTh,400 



Fig. 2. 



{OHriDCHTIA tr 



18 




REF ID : A62856 

W F FRIKDMAN COHFIDENTIA fc 

mamed a mystery, because no such place was known to geographers 
or historians But then it was discovered that if you write the 
twenty-two letters of the Hebrew alphabet m two rows, eleven m one 
row and eleven in the other, as m Fig 2, you set up a substitution 
alphabet whereby you can replace letters by those standing opposite 
them For example, “Shin”, is represented by “Beth” or vice versa, 
so that “Sheshakh” translates “Babel”, which is the old name of 
“Babylon ” Hebrew then did not have and still doesn’t have vowels, 
they must be supplied This is an example of what is called 
ATHBASH writing, that is, where Aleph, the first letter is replaced by 
Teth, the last letter, Beth, the second letter, by Shm, the next-to-the- 
last, etc By shding the second row of letters one letter each time 
there are eleven different cipher alphabets available for use The old 
Talmudists went in for cryptography to a considerable extent 
Incidentally, in mentioning the Bible, I will' add that Daniel, who, 
after Joseph m Genesis, was an early interpreter of dreams and there- 
fore one of the first psychoanalysts, was also the first cryptanalyst 
I say that he was an early psychoanalyst, because you will remember 
that he interpreted Nebuchadnezzar’s dreams In the Bible’s own 
words, “Nebuchadnezzar dreamed dreams, wherewith his spirit was 
troubled, and sleep brake from him ” But, unfortunately, when he 
woke up he just couldn’t remember those troublesome dreams One 
morning he called for his wise men, magicians, astrologers, and 
Chaldean sorcerers and asked them to interpret the dream he’d had 
during the preceding night “Well, now, tell us the dream and we’ll 
try to interpret it”, they said To which King Nebuchadnezzar 
exclaimed, “The thing is gone from me I don’t remember it But 
it’s part of your job to find that out, too, and interpret it And if you 
can’t tell me what the dream was, and interpret it, things will happen 
to you ” What the king asked was a pretty stiff assignment, of 
course, and it’s no wonder they failed to make good, which irked 
Nebuchadnezzar no end Kings had a nasty habit of chopping your 
head off in those days if you failed or made a mistake, just as certain 
arbitrary and cruel despots are apt to do even in modern times for 
more minor infractions, such as not following the Party Line So in 
this case it comes as no surprise to learn that Nebuchadnezzar passed 
the word along to destroy all the wise men of Babylon, among whom 
was one of the wise men of Israel, named Daniel Well, when the 
King’s guard came to fetch him, Daniel begged that he be given just 
a bit more time Then, by some act of divination, — the Bible simply 
says that the secret was revealed to Daniel in a night vision — Daniel 
was able to reconstruct the dream and then to interpret it Daniel’s 
reputation was made Some years later, Nebuchadnezzar’s son 
Belshazzar was giving a feast, and, during the course of the feast, in 




19 



REF ID : A62856 



CONF I DENT I AL introduction to cryptology 

the words of the Bible, “came forth fingers of a man’s hand and wrote 
over against the candlestick upon the plaster of the wall ” The hand 
wrote a secret message. You can imagine the spine-chilling scene. 
Belshazzar was very much upset, and just as his father did, he called 
for his wise men, soothsayers, Chaldean sorcerers, magicians and so on, 
but they couldn’t read the message Apparently they couldn’t even 
read the cipher characters 1 Well, Belshazzar’s Queen fortunately 
remembered what that Israelite Daniel had done years before and 
she suggested that Daniel be called in as a consultant Daniel was 
called m by Belshazzar and he succeeded in doing two things He 
succeeded not only in reading the writing on the wall “MENE, 
MENE, TEKEL, UPHARSIN”, but also he was successful m de- 
ciphering the meaning of those strange words His interpretation 
“Mene” — “God hath numbered thy kingdom and finished it ” 
“Tekel” - “Thou are weighed m the balances and found wanting ” 

ingenuity of the most expeit scholars ot the Babylonian court 
Of course it cannot be denied, as Lagarde has pointed out, that 
the ideographic values of these four words, ‘ count, mina, shekel 
and part,’ were undoubtedly signs with which any educated 
Babylonian was familiar (‘ Mittheilungen,’ iv 36+ ) If, how- 
ever, we suppose that the ideograms were written close together 
without any division between the individual words, a style of 
writing we often meet with in the cuneiform inscriptions, thus 

it would be j’ust as hard to read as a iebus and would pnzzle 
the most skillful decipherer The difficulty would have been 
still more increased if the ideograms had been grouped in some 
unusual way, severing the natural connection of the component 
elements , for example, thus • 

fey ^ 

If the signs had been wntten in this mannei it would have 
been almost impossible to ainve at then tine meaning The 
first combination, SID-MA, might have some fifteen different 
meanings, the second group, NA-TU-U, might signify ‘is fit’ 
or ‘suitable,’ while the third and last, BAR-BAR, is capable 
of explanation in a variety of ways ,J Of course, as soon as 
one is told the meaning of the combination, the sentence at 
once becomes clear. ' 

Fig. 3. 

CONFIDE N T I AL 20 



REF ID : A62856 
w v FRIEDMAN CONFIDENTIAL 



“Upharsin” — “Thy kingdom shall be divided and given to the Medes 
and Persians ” Apparently the chap who did the handwriting on the 
wall knew a thing or two about cryptography, because he used what 
we call “variants”, or different values, for in one case the last word m 
the secret writing on the wall is “Upharsm” and in the other it is 
“Peres”, the commentators are a bit vague as to why there are these 
two versions of the word m the Bible. At any rate, Babylon was 
finished, just as the inscription prophesized, it died with Belshazzar 

I think this curious Biblical case of the use of cryptography is 
interesting because I don’t think anybody has really found the true 
meaning of the sentence in secret writing, or explained why the writing 
on the wall was unintelligible to all of Belshazzar’s wise men Figure 3 
is supposed to give the best explanation of the enigmatical sentence 
that has always been considered one of the most obscure of the many 
difficult scriptural, passages which have awakened the interest and 
baffled the ingenuity of scholars You see that this savant thinks 
that the cuneiform ideograms were written without any division be- 
tween the individual words, so that the sentence “would be just as hard 
to read as a rebus and would puzzle the most skillful decipherer ” 
He goes on to say “The difficulty would have been still more increased 
if the ideograms had been grouped m some unusual way, severing the 
natural connection of the component elements If the signs had been 
written in this manner it would have been almost impossible to arrive 
at their true meaning ” But why could Daniel read and interpret the 
writing when his competitors couldn’t 7 This our savant doesn’t 
explain Another savant offers as his explanation of the mystery the 
following hypothesis That the words were written in columns, as 
shown, and that Daniel m solving the mystery read downwards or 
rather down, up, down This explanation doesn’t satisfy me any 
more than the other one 

Probably the earliest reliable information on the use of cryptography 
in connection with an alphabetic language dates from about 900 B C , 
Plutarch mentioning that from the time of Lycurgus there was in use 
among the Lacedemonians, or ancient Greeks, a device called the 
scytale This device, which I’ll explain m a moment, was definitely 
known to have been used in the time of Lysander, which would place 
it about 400 B C This is about the time that Aeneas Tacticus wrote 
his large treatise on the defense of fortification, in which there is a 
chapter devoted specifically to cryptography In addition to mention- 
ing ways of physically concealing messages, a peculiar sort of cipher 
disk is described Also a method of replacing words and letters by 
dots is mentioned 



21 



CONr i DCMT I A b 



REF ID : A62856 

INTRODUCTION TO CRYPTOLOGY 




Figure 4 is a picture of the scytale, one of the earliest cipher devices 
history records The scytale was a wooden cylinder of specific dimen- 




Fig. 4. 

sions around which they wrapped spirally a piece of parchment or 
leather, they then wrote the message on the parchment, unwound it, 
and sent it to its destination by a safe courier, who handed it over to 
the commander for whom it was intended and who, having been pro- 
vided with an identically-dimensioned cyliner, would wind the strip 
of leather or parchment around his cylinder and thus bring together 
properly the letters representing the message This diagram may 
not be accurate I don’t think anyone really understands the scheme 
The writing was done across the edges of the parchment, according 
to some accounts, and not between the edges, as shown here Inci- 
dentally, you may be interested to learn that the baton which the 
European field marshal still carries as one of the insignia of his high 
ofhce derives from this very instrument 

We don’t know much about the use of cryptography by the Romans, 
but it is well known that Caesar used an obviously simple method, all 
he did was to replace each letter by the one that was fourth from it in 
the alphabet F or example, A would be represented by D, B by E and 
so on Augustus Caesar is said to have used the same sort of thing, 
only even more simple each letter was replaced by the one that 
followed it in the alphabet Cicero was one of the inventors of what 
is now called shorthand He had a slave by the name of Tyro, who 
wrote Cicero’s records m what are called Tyronian notes Modern 
shorthand is a development of Tyro’s notation system 

In Fig 5 we see some cipher alphabets of olden times, alphabets 
used by certain historical figures you’ll all remember The first cipher 
alphabet m this figure was employed by Charlemagne, who lived 
from 768 to 814 A D The second one was used in England during the 
reign of Alfred the Great, 871 to 899 The third alphabet is called 
ogam writing and was used in ancient Ireland The alphabets below 
that were used much later in England the fourth one by Charles the 
First, in 1646. the fifth, the so-called “clock cipher”, was used by the 
Marquis of Worcester in the 17th Century, finally, the last one was 
used by Cardinal W 7 olsey m about 1524 




22 



REF ID:A62856 




a fi ctfejgrt'i,Xrfm,n,opqr j t u, w jc y tc, 

OOOOO0OQO0OOOOOQG0OOO0OQ 



if t u *mt on 4*, *7//*/ wp &*Aaj6w*AAv fiaaS cm dtfjAm mf U i a m dmp m o j f 4*m£fa^mmmJmke mp*jftJayxAt 

mAck n/ti/rfrr/au K*t*.i *Ar /a yvitHH mi £c. 

lo * C ) J i _ h*~ =h * -w -v*--*-!)— !j2*p 

■? *as a | STj A — Sj — Jg - Y* 4 — > *A -»- =/- = d.^. 

- - z 1, <rh *d = =h*v/^^ A^a^s =^rh z:^A-)r\ -■*■■»■ f) 



Fig. 5. 

In the Middle Ages cryptography appears first as a method of 
concealing proper names, usually by the simple substitution of each 
letter by the next one in the alphabet, just about as Augustus Caesar 
did hundreds of years before At other times the vowels were re- 
placed by dots, without changing the consonants — a method that was 
used throughout Europe to about 1000 A D , when letters began to be 
replaced by various signs, by other letters, by letters from another 
language, by runes which are found in abundance in Scandinavia, and 
by arbitrary symbols Figure 6 is an example of a runic inscription 
on a stone that stands before Gupsholm Castle near Stockholm, 
Sweden The word rune means “secret” 1 

Within a couple hundred years the outlines of modem cryptography 
began to be formed by the secret correspondence systems employed by 
the small Papal States m Italy In fact, the real beginnings of sys- 
tematic, modern cryptology can be traced back to the days of the 
early years of the 13th Century, when the science began to be ex- 
tensively employed by the princes and chanceries of the Papal States 
in their diplomatic relations amongst themselves and with other 
countries in Europe The necessity for secret communication was 
first met by attempts inspired by or derived from ancient cryp- 
tography, as I’ve outlined so far There was a special predilection for 
vowel substitution but there appeared about this time one of the 



l The author’s caption “A couple of old ruins ” — Ed 



23 

















REF ID:A62856 

INTRODUCTION TO CRYPTOLOGY 



elements which was later to play a very prominent role in all cipher 
systems, an element we now call a syllabary, or a repertory. These 
were lists of letters, syllables, frequently-used parts of speech and 
words, with additions of arbitrary equivalents for the names of 
persons and places. There is still m existence one such syllabary and 
list of arbitrary equivalents which was used about 1236 A D. and there 
are other examples that were used m Venice in 1350 




Fig. S. 



Among examples of ciphers in medieval cryptography is a collection 
of letters of the Archbishop of Naples, written between 1363 and 1365, 
m which he begins merely with Bymbol substitutions for the vowels 
and uses the letters that are actually vowels to serve as nulls or non- 
significant letters to throw the would-be-cryptanalyst off the right 
track. As a final development, the high-frequency consonants L, M, 
N, R, and S, and all the vowels, are replaced not only by arbitrary | 
symbols but also by other letters. 



24 






REF ID:A62856 

w f. FRIEDMAN -C ONF I DENT I AL 



About 1378 an experienced cryptologist named Gabriele Lavinde of 
Parma was employed as a professional by Clement VII and in the 
Vatican Library there is a collection of ciphers devised and used by 
Lavinde about 1379. It consists of repertories in which every letter 
is replaced by an arbitrary symbol. Some of these ciphers also have 
nulls and arbitrary equivalents or signs for the names of persons and 
places. There is a court cipher of Mantua dated 1395 that used this 
system. 

At the beginning of the 15th Century the necessity of having 
variants for the high-frequency letters, especially the vowels, became 
obvious. Figure 7 is an alphabet of that period which is interes ting 
because it shows that even in those early days of cryptology there was 
already a recognition of the basic weakness of what we call single or 



A ue ,4/. Kt tif //< ,<'>*« JV its mm *41 V* 

. '' 4 '/ i/A *-/■ •«>' * */* /// 

c 44 . UA./jfi nt. 23/. d.f 2 . 2 tp, 2 /*, 4**. 4^.44? 4^. tfASttSjt. « 

/ty.vtjjr 4 tr *64. qq, 443. tig 

E s, a 24 . 2 + 241 j 2 ..* jf. 4 /, **. tr.P). <•‘■. 7 ^. //. 22 . *7 *>%**. m.t'v 

. /**. Of.M. *4. 'r/./rftm fsh,i+f. Jet. ity, /n.aiS *44*4?, MIL 

. Ui i&sjA u*. yarn uf* HU.M 7 .JtMP). 
’ A ^ *4*74. vAj»4J?/,J97.'f}4iy,4n4i9, H 2 . 42 x. 4 rs, 413 . 4*1 
M*. 44X.AAJ. 4*1 424,4*4.41^ M ***ft*7. 4 /t. 4M.493L. trf, 

f r ' A **‘ + 1 + STJ.JM, rjjjrtM. iff. 

^ ****» 4 tt*|f^*j^i \mjibkhr. H 4*4,^. 



Fig. 7. 



monoalphabetic substitution, that is, where every letter in the plain- 
text message is represented by another and always the same letter. 
Solution of this type of cipher, as many of you may know, is accom- 
plished by taking advantage of the fact that the letters of an alpha- 
betic language are used with greatly differing frequencies. I don't 
have to go into that now because many of you, at some time or other, 
have read Edgar Allan Poe’s “Gold Bug”, and understand the prin- 
ciples of that sort of analysis. It is clearly shown in the figure that the 
early Italian cryptographers understood the fact of varying fre- 
quencies and introduced stumbling blocks to quick and easy solution 
by having the high-frequency letters represented by more than a 



25 



CO N FIDENTIAL 



REF ID : A62856 
CONF I DENT I AL introduction to cryptology 



single character, or by several characters, as you can see I will add 
that the earliest tract that the world possesses on the subject of 
cryptography, or for that matter, cryptanalysis, is that which was 
written in 1474 by a Neapolitan, whose name was Sicco Simonetta 
He set forth the basic principles and methods of solving ciphers, 
simple ciphers no doubt, but he describes them and their solution m 
a very clear and concise form 

Cipher systems of the type I’ve described continued to be improved 
In Figure 8 is shown what we may call the first complete cipher system 
of this sort There are substitution symbols for each letter, the vowels 
have several equivalents, there are nulls, and there is a small hst of 
arbitrary symbols, such as those for “the Pope”, the word “and”, the 
conjunction “with”, and so on This cipher, dated 1411, was used m 
Venice, and is typical of the ciphers used by the Papal chanceries of 
those days 















i»uf# f>?r «*** 



V mfhASLJ jp«l«w Sb-SagT*.* mojia Jkw) tA, I&MI 



<> 







« /*|V’ St 1 ^ WlAAW 

iW i w f ^ ■ ■ A a- M«v^ACt^«^7 iD 



7* « ■ «■» 1 ?||V i .rw 7 >A^^Y<h/ 




' aWv ^ 






A ’ B C ' 0 ' E F G " H i' I '! L 'M N 0 1 P Q'R.S T U V 



]4 ' 9 I G iT = 1 5 ' 5 1 5 
X f 'HH 



NULIE 


^ = Papa 


b c 3 w 5 


.* = et 


'T Of Ip 


ie = con 


m o p2p 


SP =quo 



1*7*2 
O' * 

, + 



.1 X 



Fig 8. 

The step remaining to be taken m the development of these ciphers 
was to expand the “vocabulary”, that is, the list of equivalents for 
frequently-used words, and syllables, the names of persons and places, 
parts of speech, and so on This step was reached in Italy during the 



CQNriDCNTIA tr 



26 



W. F. FRIEDMAN 



REF ID : A6285 6 

CONflDCNT I AL 







* l < V < f. r 

l* r *\ \ f 

% . 5 

# 

g ■ a 



tl 



% 

y 



y. r ( t* tt 

i* if » t *{ r 

S «“ V f ! 



x v C' t <• a. 



f* f' fr Y 



I «« if t 4. 

- <ne v ^s <f It up* 

ff rr »■ •’n |t Vv 



I • • 



rr « 

«- it 



t\*S4 







'^Mur- 

.K.uctwftuDK 
| .t.W>«nnw 

4" ' 

*5*' ’ 

kf - 

? <£ 



r'WWJ' 

W 

tw 

hi* 

tmw 

f*n«nut 





V-**** 4#ferk&i 



BW 



!**»■ 



, t 

, • - 

TjjjQUrWWtoW*- • ; JWWW 

r/fF'*fw • * N"f 

SS*WM»*il* ^ * JwtMt* 

<■«• ■•• -Q offiwigTOM ~‘ * t . f wlfW 

*. Hjm** fe4*»- 

■ <?*#*• 

I ■‘Wi > o«ap» 

* , -• • <£*»*«* 

* , ^<M>- •* . • oWlW 
■ • Aw 




Vimm. 





•* 


# >s » ' , 




“**U t~ *’ ~*i‘ 


£***. 


r- ' 




V fi V’Vr*'*» , *s. 






; v«7v 


o JL W , 4 # >«r»<f 




• -B, 




*%! 




S!Ri 


b-:-r. 


w **~1 %*#l-*«**i 1* «HLh» 


f* 1 ** 




% i*u 


^ * wT-iaiW * 




>u - 


w*. 


'"***7 a«4wi''«' i*sWfck»ifc* f » 


*■*2- 


Ipfii 


"‘ Cl X 


S’* *T? 


,IM S 


w 




' 


I*uW 


y 


Iw* ’ * 






•bit 




*i*Hft* 


- y 


C 4v*ftn<nrv f<* -nc# 


s C - 


tw( 




pwfem? 


^S* 




v5 **& *»i 


fel 


C-v 








— p«fie 


<« 


^tvw< 






<f! 


1 jf«xA<r 




* 


« 


C^V^n, 


ft«»nr>u 


^*<4v 


m 


iSc*v>^ « 




» 




%u'*4c 


'S4li«f 


iht 





Cftictiwv 

I’'**-* 

' T rrttflM^ 

*> 

~ti« 

Ar., 

s.S. 

. TTW 

Hr - 

dMMt 

TT 

••%• gmiMkm 

. "T^T 

ji+mm * 

vll*, 



AjliWfr 
, <? 

S*m 

,4oire 

u 

u 

fe* 

L 

tm 

iw« 

fc*m . 

‘ W* 

u. 

h-*m 

km* 

• w 

‘ fw*m 
•■ mm 



b.-nitt! <a* 
*»? 

'K*0«m«W titf 

l-Hnuu* xpx 

’'weiu «t 

4™ t 1 

" TV|l#U , 

**^V«-*^p** t 

* {**■ *f «*&■ 

-■sr/s 

'X*g|» MM 

ffwpwu - m *0 



**w 







Fig. 9. 

27 



COHriDCNTIAL 




REF ID : A62856 

CONF I DENTIAL introduction to cryptology 






>*• • 



M 1.1) tontLw v i 1 * j.3 ■* 



L i V t 
-* r 

'T-' * 






t 

iSutviio 



tb <f 
■#- -K 



: fl aiic . j|« /+. 

r:tLu 

t v . ihMi 



Uv.inniA 

Jt \i 'Jim 

"Cup** 

DJOIMP iWW I 



t t \ 

40* 

vioKnuiii 

. f M 

i_ „'<r*rM +****£*, 
■ t 

• *A« L<+** wvutfilf 



Chi ' 

P — MW> 




,, r* 






rVl 


f: 


■ -■ V 


> r‘ 


j r 


:- .. 


f ■ c 


* "i 


i r 

V 


7 


nr 

* 


? 

£ 


■n 


* : 
T" A 

j‘ 7 


y 

% 


*.. a 
? * 


■Jf 11 
"i " . i. * 


7 


?r 


J , 


« *n 


* 




rr 


tr . 


f 


rr* 








*- 


rf A,J 




F. 


& 




f 


h v 








\ 


"W 

•> 


y 


c 


«v 


S' 


*VnV 


£■»*>: 


,L- 




1 
































mjm* 






rtJ.*. 


jM**r 


ac 














- 


4 

•i»-« 


r -4 

► Pi 


.tb 




















-^r 
















-u 


l^Vnh* 


r 

a 4 rw<i 


» i** 

” s 










-. - 


. - .. 


• 'A*- ■ 


Ji’ .1: 


f>r j 


*»6 

#. 








j- 

i; 


'JK 






o Oil 


.**f< 


/nr' 




— >u4t 

O-ndU 

f - ■ * 

! ■ 

. -a j . 

frtncnfm . ' 

W* 



■.'H 

4m 

*■11 

s r 

•IT 

; 

te 

be 

& 

ti; 

ret * 
cr-J 
rt? 
«*.. 
OJi 

ou 

y 
m 



fe- 

ll 

rfc 

A 



nn 






■;r 



7 ^-fc-itinW*! 

A > Cit* rrfpf’nr** 

L 

^ tllCrJlt 

c A**n«f*» 

pgn^KW 

.«p* 

— "y^> iiifl 

*p **« 

- ^“tYU^.W 

•"“♦It*** 

£< 

fi«n 



WV(>' CftKWW** I* 

, Vrm* r*wS* - •* 

fft- 





*iO- — ,Hc^I (IM f*w^ 

*»■ *& fit 

0 **»«t*A'V<*T IJJ 



Fig. 10. 




REF ID : A62856 



W F FRIEDMAN COHF I DCHTIAL 

first half of the 15th Century and became the prototype of diplomatic 

• ciphers used in practically all the states of Europe for several centuries 
One of 70 ciphers collected m a Vatican codex and used from about 
1440 to 1469 is shown m Figure 9 Note that the equivalents of the 
plaintext items are Latin words and combinations of two and three 
letters, and that they are listed m an order that is somewhat alpha- 
betical but not strictly so I suppose that by constant use the cipher 
clerks would learn the equivalents almost by heart, so that an ad- 
herence to a strict alphabetic sequence either for the plaintext items 
or for their cipher equivalents didn’t hamper their operations too 
much In Figure 10 there is much the same sort of anangement, 
except that now the cipher equivalents seem to be digraphs and these 
are arranged m a rather systematic order, for ease m enciphering and 
deciphering Now we have the real beginnings of what we call a 
one-part code, that is, the same list will serve both for encoding and 
decoding These systems, as I’ve said, remained the prototypes of 
the cryptography employed throughout the whole of Europe for some 
centuries The Papal States used them, and as late as 1793 we find 



At. Sta. B. CU.* 












REF ID : A62856 
CONF I DENTIAL introduc riON to cryptology 



them used m France I wish here to mention specifically the so-called 
King’s General Cipher used m 1562 by the Spanish Court It is 
shown in Fig 11 

But there were two exceptional cases which show that the rigidity 
of cryptographic thought was now and then broken during the four 
centuries we have been talking about in this brief historical survey 
Some of the Papal ciphers of the 16th Century and those of the 
French Court under Kings Louis XIII and XIV exemplify these 
exceptions In the case of these French Court ciphers we find that a 
French cryptologist named Antonio Rossignol, who was employed by 
Cardmal Richelieu, understood quite well the weaknesses of the one- 
part code and syllabaries It was he who, m about 1640, introduced 
a new and important improvement, the idea of the two-part code or 
syllabary, m which for encoding a message the items in the vocabulary 
are listed in some systematic order, nearly always alphabetical, the 
code equivalents, whatever they may be, are assigned to the alpha- 
betically-listed items in random order This means that there must 
be another arrangement or book for ease m decoding, in which the code 
equivalents are listed m systematic order, numerically or alpha- 
betically as the case may be, and alongside each appears its meaning 
in the encoding arrangement, or book The significance of this 
improvement you’ll find out sooner or later Codes of this soit also 
had variants —Rossignol was clever, indeed One such code, found m 
the 1691 correspondence of Louis XIV had about 600 items, with code 
groups of two and three digits Not at all bad, for those days' 

Now this sort of svstem would appear to be quite secure, and I 
suppose it was indeed so, for those early days of cryptogiaphic de- 
velopment --but it wasn’t proof against the cleverness of British 
brains, for the eminent mathematician John Wallis solved messages 
in it m 1689. Never underestimate the British m this science— as 
we’ll have reason to note in another lecture m this series * 

French cryptography under Kings Louis XV and XVI declined, 
reaching perhaps its lowest level under Napoleon the Great It is a 
fact that m Napoleon’s Russian enterprise the whole of his army used 
but a single code book of only 200 groups, practically without variants, 
even for the high-frequency letters Furthermore, not all the words 
m a message were encoded — only those which the code clerk or the 
writer of the message thought were important It’s pretty clear that 
the Russians intercepted and read many of Napoleon’s messages —this 
comes from categorical statements to this effect by Czar Alexander I 

* Official deciphering of foreign communications by British cryptologists can 
be traced back to about the year 1025, if not earlier 



CONFIDENT I AL 



30 



REF ID:A62856 

w F FRIEDMAN CONFIDENTIAL 



himself We won’t be far wrong m believing that the weaknesses of 
Napoleon’s crypto-communications formed an important factor m 
Napoleon’s disaster A hundred and twenty-five years later, Russian 
ineptitude in cryptographic communications lost them the Battle of 
Tannenberg and knocked them out of World War I 

The other 16th Century Papal ciphers that constituted the second 
exception to the general similarity of cryptographic systems of those 
days were quite different from those I’ve shown you In this excep- 
tion the ciphers were monoalphabetic, but some letters had the same 
equivalent, so that on decipherment the context had to be used to 
decide which of two or more possible plaintext values was the one 
meant by each cipher letter One such cipher used by the Maltese 



CIPHER OF THE INQUISITOR OF MALTA (1585) 
(From SACCO, MANUALE DI CRITTOGRAPHIA, 1947) 

chiaro - A.T E.F I.G 0,D U,V,B C,L,N M.R P,S,Z 
cifra - 0354 2 6 9 7 



Nulle 1,8 

chiaro - qua que qui quo che chi non quando perche.et.per 
cifra - 7962453 0 1,8 

Seguono vane voci, cifrate con un gruppo di due cifre 
tramezzate da un punto, es ll Papa =27, ll Re di Francia = 
3 2 

Fig. 12 



Inquisitor in 1585 is shown m Fig 12 You’ll note that the digit 0 
has two values, A and T, the digit 2 has three values, U, V, and U, and 
so on There were two digits used as nulls, 1 and 8, digits with dots 
above them stood for words such as Qua, Que, Qui, and so on 

Figure 13 shows how a message would be enciphered and deciphered 
A bit tricky, isn’t it? Many, many years later Edgar Allan Poe 
describes a cipher of this same general type, where the decipherer must 
choose between two or more possible plaintext equivalents m building 
up his plain text, the latter guiding the choice of the nght equivalent 
The trouble with this sort of cipher is that you have to have pretty 
smart cipher clerks to operate it and even then I imagine that in many 
places there would be doubtful decipherments of words It wasn’t 
really a practical system even m those days, but it could, if used 
skillfully and with only a small amount of text, give a cryptanalyst 
^plenty of headaches But such systems didn’t last very long because 
of the practical difficulties m using them 



31 



coNnocNHA t 




REF ID : A62856 
CONFIDENTIAL introduction to cryptology 



Esempio di cifratura 
cbiaro -SPERO CHE 0 G N I 



C 0 S A 



S I A 



cifra -77394 4 4565 1 6470 8 750 

che sara trasmesso tutto unito, senza spazi 

Esempio di decifratura 



cifra 


4 


5 


1 


0 2 0 


4 1 


4 0 


9 


4 


8 


9 


5 


6 


2 0 


4 


1 


0 2 




(0 


I 




A 


U A 


0 


0 


A 


M 


0 




f.l 


I 


C 


U 


A 


0 




A 


U 


decif ra 


i D 


G 




T 


B T 


D 


D 


T 


R 


D 




R 


G 


L 


B 


T 


D 




T 


B 




l 








V 


















N 


V 










V 


ctiaro 


D 


I 




T 


U T 


0 


D 


A 


R 


0 




M 


I 


N 


U 


T 


0 




A 


V 


cifra 


5 


7 


4 




1 




4 


5 


6 


5 


1 


6 


4 


9 


5 


3 


9 


3 


8 








P 


0 




ET 




0 


I 


C 


I 




C 


0 


M 


I 


E 


M 


E 






decif ra 


G 


S 


D 




PER 




D 


G 


L 


G 




N 


D 


R 


G 


F 


R 


F 








l 


Z 






perchE 






N 






L 


















chiaro 


I 


S 


0 




PER 




0 


G 


N 


I 




C 


0 


R 


I 


E 


R 


E 







Fig. 13. 

The first regular or official cipher bureau in the Vatican was es- 
tablished m about 1540, and in Venice at about the same time, about 
one hundred years before a regular cipher bureau was established m 
Fiance by Cardinal Richelieu It is interesting to observe that no 
new or remarkable ideas for cryptosystems were developed for a 
couple of hundred yeais aftei the complex ones I’ve described as 
having been developed by the various Papal cryptologists One-part 
and two-part syllabaries and simple or complex ones with variants 
were in use for many decades, but later on, in a few cases, the code 
equivalents weie supei enciphered, that is, the code groups formed the 
text for the application of a cipher, generally by rather simple systems 
of additives Governmental codes were of the two-part type and 
were superenupheied bv the more sophisticated countries 

The first book or extensive tieatise on cryptography is that by a 
German abbot named Trithemius, who published in 1531 the first 
volume of a planned 4- volume monumental work I said that he 
planned to publish four volumes, but he gave up after the third one, 
because he wrote so obscuiely and made such fantastic clauns that he 
was charged with being in league with the Devil, which was a rather 
dangeious association m those or even in these days They didn’t 
burn Trithemius but they did bum his books Figure 14 illustrates 
that the necessity for secrecy m this business was recognized from the 
veiy earliest days of cryptology and certainly by Trithemius Here^fc 
is the soit of oath that Trithemius recommended be administered to^^ 



32 



REF ID:A 62856 

W F FRIEDMAN 



COHriDCHT I A t: 



students in the science of cryptology All of you have subscribed to a 
somewhat similar oath, but we now go further and back up the oath 
with a rather strict law You’ve all read it, I’m sure 

3TV OiiJhmnau (fcath 

i aunt’s 

in ' 

$3ooh.II,€i}apiet XXIYof upl^'i a 






& w-r thel&ftiue of JUmujhtii <Eoh 

by the fUooh of out j&oth Slesus (fetytist 
bo t l\e fie suf ter iiou o f tlje *3eah nub 
the last ^uhgmenf,and by tye Saftmtum 
ox mjj Soul in the IHoUj (Eat ^oUc Salih 
stami to jyimigt] ty ©ofc,ib :tye |8 le » sell Mjgin 

touAalt^fuU^ouafh tlpigCft of 
^ieuanontaphij all the gaUaof my jEife. 
jAmil teatt) it: to no one truth out pout 
(Consent and petmission^df eotiei £ 
lihetoise « toe at anb promise ttyatJTtmll 
not use tips ^notalehjge in (Supposition 
to (gob and his <&umraaohmeut*,not 
in Opposition to tl^epoiy Homan Catholic 
Churrt) and its piinlstets. 

»o niaVj (Soh help me, anh so tje 
l«atie me at tip? last Slu&gment. 

Fig. 14. 



33 CONFIDENTIAL 



REF ID : A62856 



CONFIDEHT I A fc introduction to cryptology 



We come now to some examples from more recent history. In 
Fig. 15 we see a cipher alphabet used by Mary, Queen of Scots, who 
reigned from 1542 to 1567 and was beheaded in 1587. In this con- 
nection it may interest you to learn that question has been reused as to 
whether the Queen was “framed” by means of this forged postscript 
(Fig. 16) in a cipher that was known to have been used by her. 










REF ID : A62856 

W F FRIEDMAN CONFIDENTIA -fc 



The Spanish Court under Phillip II, in the years 1555 -1598, used a 
great many ciphers and here’s one of them (Fig 17) You see that it 
is quite complex for those early days and yet ciphers of this sort were 
solved by an eminent French mathematician named Vieta, the father 
of modem algebra In 1589 he became a Councelor of Parliament at 
Tours and then Privy Counselor While in that job he solved a 
Spanish cipher system using more than 500 characters, so that all the 
Spanish dispatches falling into French hands were easily read Phillip 



Ci Ira [t»»l 1573 



Ci 


x"e" 


XI 


Jco 


XU 






m 


EQ 


ED 


m 


sr+ 


g 




3^ 


13 


IS 


a 


H 


cl 


1A- 


□ 






ca 






m 


03 


BBl 


1 


H 


Q 




E 


•n. 


E3 


m 


tjf 




brtx 


ire 


bri 


tro 


Jru 


c7uat 


elie 


c.hx 


cTuj 


e&u 




W 


rt 


W 


w 










tVe 


29 


ela 


E3 


clo 


eZu 


ss 


ere 


ert 




cm 


m 


9* 


19 


2* 


2* 


H 


£ 


4 




u 


gs 


dre 


cLtx 


cLto 


ciru 




fU 


m 


/*» 






%> 


i 






7 


> 


a 


> 


7e 




/■* 


A* 


At> 






yle 


Y l t 


sa 


yia 


u 


> 


1 


> 




0 


6+ 


6’ 


m 


S-e 


















file 


pUx. 


4 


■fr- 


4 






ct 


gu 


a. 


as 


Ort 


5 : 


fir* 


r? 


•pro 




tree 




2rt 


t-ro 


trn 


□ 




•et 


-et^ 


-e* i 


4 


-fc. 


4 


■fir 


■^e 




el 


SSI 


QJ 


rg 


eux 


t-n 


ca 


on 




□ 


fr 


I 


n 




<r 


o+ 


a 


<r°' 


<T* 


CUr 


er- 


eg 


ca 


ca 


04 


ej 




OT 




4 


4+ 


H 


E 


E 


/ 

\3 


D+ 




u* - 


i/e 


LS 


ier 


bvr 




Jur 




b*s 




£or 


23 


m 


A* 


a 






?' 


r 


? 












C.*>~ 


air 




ces 


cw 




CIA* 


M 


m 


a 


■dr 




D' 


D+ 


D 


Dv 


D< 



Fig. 17. 



was so convinced of the security of his ciphers that when he found the 
French were aware of the contents of his cipher dispatches to the 
Netherlands, he complained to the Pope that the French were using 
sorcery against him Vieta was called on the carpet and forced to 
explain how he’d solved the ciphers in order to avoid being convicted 
of sorcery, a serious offense. 

The next cryptologist I want you to know something about is 
another Italian savant who wrote a book, published m 1563, m which 



35 



CONriDCNTIA t 



































REF ID : A62856 



■ COHriDCHT I At r introduction to cryptology 

he showed certain types of cipher alphabets that have come down in 
history and are famous as Porta’s Alphabets Figure 18 is an example 
of the Porta Table, showing one alphabet with key letters A or B, 
another alphabet with key letters C or D, and so on I don’t want to 
go into exactly how the key letters are used, it is sufficient to say that 
even to this day cryptograms using the Porta alphabets are occasional- 
ly encountered 

That Porta’s table was actually used m official correspondence is 
shown by Fig 19, which is a picture of a table found among the state 



A B 








El 




f 


o 

o 




y 


m 








0 




s 


t 


□ 




19 


□ 


C T) 








EJ 




u 




u 


y 


y 


B 


v/ Xr 












a 




D 


E 


I 


H 


EF 








s 




u 


g- 


13 


B 


u 


u 










o 




n 


T 


s 


t 




A 


GH 








T 




t 


g* 


IF 


i 


y 


ns 








n 


o 


V 


<1 


r 


□ 


0 


B 


IL 








El 




Eg 


o 


(3 


y 


y 


S3 








y 




B 


i3 




S 


H 


□ 


IVIN 








PI 




U 


t 


U 


Q 


U 


S3 










Ea 




31 


o 


El 


n 




SB 


/y p 


a 






EJ 




Eg 




u 


y 


y 












□ 




B 




H 


H 


H 




on 








EJ 




u 


t 


□ 


u 


u 


ml 








t 




X 


z 


z 


n 


o 


p 


q 


ct 






c 


d 


e 


f 


% 




y 


y 


3 








s 


1 


V 




z 


z 


B 


B 


ra 


vx 






c 


a 


e 


f 


% 


■h 


* 

i 


U 










r 


s 


t 


V 


X 




z 


m 


n 


YZ 






Q 


a 




u 




i 


jj 


EJ 


3 








n 


u 




Qi 




SI 




□ 


SI 



Fig. 18. 



papers of Queen Elizabeth’s time, it was used for communicating with 
the English Ambassador to Spam Porta was, m my opinion, the 
greatest of the old writers on cryptology I also think he was one of 
the early but by no means the first cryptanalyst able to solve a system 
of keyed substitution, that is, where the key is changing consistently 
as the message undergoes encipherment Incidentally, Porta also was 
the inventor of the photographic camera, the progenitor of which was 
known as the camera obscura 



■ COHriDCNTIA tr 



36 




































REF ID : A62856 

W. F. FRIEDMAN 



Figure 20 is a picture of what cryptographers usually call the 
Vigen&re Square, the Vigen&e Table, or the Vigen&re Tableau. It 
consists of a set of twenty-six alphabets successively displaced one 
letter per row, with the plaintext letters at the top of the square, the 
key-letters at the side, and the cipher letters inside. The method of 
using the table is to agree upon a key word, which causes the equiva- 
lents of the plaintext letters to change as the key changes. Vigen&re 
is commonly credited with having invented that square and cipher but 
he really didn’t and, what’s more, never said he did. His table as it 
appears in his book, the first edition of which was published in 1586, 
is shown in Fig. 21. It is more complicated than as described in 
ordinary books on cryptology. 











REF ID : A62856 

COHriDEHTIAL introduction to cryptology 

Figure 22 is one more example of another old official cipher In it 
we can see the alphabets which could be slid up and down, as a means 
of changing the key The “two-square cipher”, or “two-alphabet 
cipher” shown in Fig 23 is another of this type It is a facsimile of a 
state cipher used in Charles the First’s time, in 1627, for communi- 
cating with France and Flanders It involves coordinates and I want 
you to notice that there are two complete alphabets inside it, intended 
to smooth out frequencies The letters of the keywords OPTIMUS 



■□□□□□□GQOEQQQQHBQQEOQafiEQQ 
inunLjnunuuMLiu^nnnnnnuEincEnnn 
ticjaun^aMouaanrinnnuoaEannnLin 



itjunuuFiouEQarcnanoonnmnnLaBLJC 
unuunGu^nnnnQnuEauiannnGQtJBu 
luuuFiGuiiaHnnanuEJCiSGnQciiaEJLJDbri 
u y FiGunaannDDuaauSQnaauauaunL! 
MMUU3EanClDDUDaSQF3QQL3QLJQIinL]U 



in □□□□□□□ □ucDaonDDuauauriLiuFi 




u n Su R Su"^ 




u □uaaaEoaauQtiQunuuw LJUGDBQfiHnra 
auEasapiDDuacjnonouHGULZEDnjnDD 

i m nniTTpinnniinMnfiiniTVHKiraimnRmmnnn 




^•□^□□iJDEJDunuuFiGuiic-oracnanuciD: 

MaOQl3DE!DUnaUBH3UE3QQrani3BH0anE 



Fig. 20. 

and DOMINUS serve as the coordinates used to represent the letters 
inside the square A third old cipher, one used by George III in 1799 
is shown m Fig 24 

One writer deserving special attention as a knowledgeable crypto- 
logist in the 17th Century, and the one with whose cipher I’ll close 
this lecture, is Sir Francis Bacon, who invented a very useful cipher | 
and mentioned it for the first time in his Advancement of Learning, 



- CQMriDCHT I Af 



38 



REF ID:A62856 



W K lit I ROMAN 



published m 1604, in London The description is so buef that 1 
doubt whether many persons understood wh.it he was driving at 
But Bacon described it m full detail with examples, m his great book 
De Augmentis Scientiarum which was published almost 20 years later, 
in 1623, and which first appeared in an English translation by Gilbert 
Wats in 1640 undei the title The Advancement of Learning Bacon 
called his invention the Biliteral Cipher and it is so ingenious that l 
think you should be told about it so that you will all fully understand 
it 



Z OIPIWIS < T 1 V 1 X 1 A l B l c i D i E IF 1G |H H |L |M| N' 

e\f\g\j^i\l\m\n\o\p |ft|« [5 I r \r\x\^B\c |d 

O e_ a |b |c |d je }f )g jh |i 11 |m|n |o [p jq lr |t | t |v~j}T 
>■ /. b jc jd |e |f |g jh |i jl jm|n lo Ip jq |r |t |t fv jx la 



c |d jc jf |g |h |i |l | m | n ! o |p |q t |t jr jv |x ja |b 



a |b [c |d 



c |d |e |t 




i H |m 



i» |1 |«n n jo |p jq jr |l |t |v x ,a jb jc |d |e |t' |g 



,1 |m|n |o Ip |q |r |1 |t jv |x |a lb |c |d |e |f jg jh 



m n |o jp jq jr |t It |v |x la \b |c |d |c |f |g |h |i 



n [o |p jq |r jf |r |v |x |a jb |c |d je |f Jg jh |i jl 



o jp |q jr |t |t jv |x |a jb jc jd jc jf jg jh |i jl |m 



p jq | r n It jv I* |a ! b |c |d jc jf jg jh |i jl jmjn 



q jr |1 |t jv jx |a |b |c jd 



r jf |t jv | x la jo jc jd jc jf jg jh jl jl |m njojp 



t jv (x |a jb jc jdjc |f |g jh ji jl j njnjojp jq jr 



v jx |a jb jc jd je jf jg jh |i (1 jmjn [o jp jq jr jf 



x |a jb |c jd [c (f jg |h jl jl jmjn jo jp jq |r jl jt 



ja jb jc jd jc jf (g (h jl jl jmjn jo jp jqjr jf (t jv 



Fig. 21. 

b In his De Augmentis Bacon writes briefly about ciphers in general 
r and says that the virtues required in them are three “that they be 



39 


























REF ID:A62856 



CONFIDENTIAL introduction to cryptology 

easy and not laborious to write; that they be safe, and impossible to 
be deciphered without the key; and lastly, that they be, if possible, 
such as not to raise suspicion or to elude inquiry.” He then goes on 
to say: “But for avoiding suspicion altogether, I will add another 
contrivance, which I devised myself when I was at Paris in my early 
youth, and which I still think worthy of preservation.” Mind you, 
this was 40 years later! Let’s consult Bacon for further details. In 
Fig. 25 we see a couple of pages of the Gilbert Wats’ translation of 
Bacon’s De Augmentia Scientiarum. Bacon shows what he calls “An 
Example of a Bi-literarie Alphabet”, that is, one composed of two 




elements, which, taken in groupings of fives, yields 32 permutations. 
You can use these permutations to represent the letters of the alpha- 
bet, says Bacon, but you need only 24 of them [because I and J, U and 
V, were then used interchangeably]. These permutations of two 
different things — they may be “o’s” and “£>’s”, “l’s” and “2’s”, 
pluses and minuses, apples and oranges, anything you please — can be 
used to express or signify messages. Bacon was, in fact, the inventor 
of the binary code which forms the basis of modem electronic digital 



CONDDCNTlAt 



40 



REF ID:A62856 

W. F. FRIEDMAN CO N riDC N T I A t - 



computers. Bacon gives a brief example in the word “FUGE” — the 

• Latin equivalent for our modem “SCRAM” — as can be seen in Fig. 
26. Figure 26 is another example, which quite obviously isn’t what 
it appears to be — a crude picture of a castle, in which there are shad- 
ed and unshaded stones. It was drawn by a friend who was a phy- 
sician and the message conveyed by it is: 

My business is to write prescriptions 
And then to see my doses taken; 

But now I find I spend my time 
Endeavoring to out-Bacon Bacon. 













REF ID : A62856 

CONFIDENTIAL introduction to cryptology 

A third example, not quite so obvious, is shown in Fig 27 The 
message conveyed is Knowledge Is Power * 

So far all this is simple enough — too much so, Bacon says, for the 
example he used in the case of the word FUGE is patently cryptic and 
would not avoid suspicion under examination So Bacon goes on to 
describe the next step, which is to have at hand a “Bi-formed Alpha- 
bet”, that is, one m which all the letters of the alphabet, both capital 
and small, are represented by two shghtly different forms of letters 
(Fig 28). Having these two different forms at hand, when you want 
to encipher your secret message you write another external and innoc- 
uous message five times as long as your secret message, using the appro- 
priate two forms of letters to correspond to the “o’ s” and “fc’s” repre- 



OiThk Advancement 



J* Bumfle tft fii ktnnt AfUbtt 

a<uutf aada/ cuM&.JaKn.aalaS 
ff & & <0 & 

aawi a£a<tt cSmS a&a&i a£aJ£ 

& O £T 4 s 

•Slat. ttfaS tUCa. aCCK (tuja, faaaf 
4 _y as jr z, 
Coiff 



Nmhcr II aafrmll matter j h&Cyfktr-Chtnllm havr,and 
may pofurme Pot bv this Jrt a way is opened, whereby a 
man may cxpreflc and figniRe the intentions of his minde, at 
any diltanoc of place, by objeAs which may be presented to 
lbeeye l andaLLommodared to the care provided thole ob. 
jeCtsDc capable of a twofold ditftrence onelv as by Bells by 
Trumpets, by Li pin and Torches, by the report of 
andanyinlbumcntsof like nature. Buttopoilueour enter 
pule when you addrefle your Telle to write , relolvc your in. 
ward-infolded Lener incothu Bt-btrrjr* Alfl*Wr 5avihen> 
U n m Lruerbe 

fir 

BumfletfS+tm. 

£ V. §. £ 

u£la, <lh£m % 



TogcAa 



Fig. 25. 



* Photo, taken about December 1917, of one of several classes of student offi- 
cers detailed by the Adjutant General of the U S Army to pursue a 6 -weeks’ 
course in cryptology conducted at the Riverbank Laboratories, Geneva, Illinois 
Key to the cipher officers facing directly forward are “a’s,” officers facing either 
to left or right are “ 6 ’s” Begin with first officer m rear row at extreme left 
abaab = K, abbaa = N, etc Civilians seated Colonel Fabyan, (head of the 
Riverbank Laboratories) at left, Mr Friedman (Director of School) at right, 
Mrs Friedman, the lady in center, other two ladies, secretaries to the Friedmans 
—Ed 



£OHriDCNT)A ±r 



42 



REF ID:A62856 

W F FRIEDMAN — C 



sentmg your secret message Here’s FUGE (Fig 29), enciphered 
within an external message saying “Manere te volo donee venero”, 
meaning “Stay where you are until I come ” In other words, whereas 
the real message says “SCRAM”, the phoney one says “Stick around 
awhile, wait for me ” Bacon gives a much longer example, the 
SPARTAN DISPATCH, here it is, and here’s the secret message 
which it contains (Fig 30 1 




Fig. 26 




Fig 27. 



Bacon’s biliteral cipher is an extremely ingenious contrivance 
There can be no question whatsoever about its authenticity and 
utility as a valid cipher Thousands of people have checked his long 
example and they all find the same answer —the one that Bacon gives 



43 




REF ID : A62856 

CONFIDENTIAL introduction to cryptology 



Oi Liiihino Li«VL 



Toother with tha,you mil have ready a lund 

which raq rptcTcik all the Ltttnt of die Camtm A 
fW^m^lCqnadlLcnmutbc taller Chaadosma 
double fbnne.umijr fit ewiy mu ocalwn 

, &■ £*.£ « £ *.{.4. ftl *.£ *-C 
i. . > :'$■ G. (xc.e.^3, 

rd /"«./"« ( * JT* ( *£* l*.£ 

mtzX.&ffifama?. 

r<, £*£*.f* £.*.[&.£ d £.*.£ 

I m. 

rd. C.dfd £.*£ d. (a. C.d [ d Cd. 

PCM* aO.Q.m&SPjj QJbjjfa 

r C.d,C.d.C , t£d. C.d£d. C dC.dC. 

a.tk 

c*. C. *.£. «. C. * £ d.t.dC.di *£. 
(%4%MhS&9Gi 

ti% **»» 



Fig. 28. 

Figure 31 is a modern example which uses two slightly different 
fonts of type called Garamond and Imprint, and which are so nearly 
alike that it takes good eyes to differentiate them 

The fact that Bacon invented this cipher and described it in such 
detail lends plausibility to a theory entertained by many persons that 
Bacon wrote the Shakespeare Plays and that he inserted secret 
messages m those plays by using his cipher If you’d like to learn 
more about this theory I suggest with some diffidence that you read a 
book entitled The Shakespearean Ciphers Examined I use the word 
diffidence because my wife and I wrote the book which was published 
in late 1957 by the Cambridge University Press 

In the next lecture we’ll take up cryptology as used during the 
period of the American Revolution by both the Colonial and the 
British Forces in America 



CO N F I DE N T I AL 



44 



REF ID : A62856 




w F FRIEDMAN CONF I DENTIAL 



atfi 



Or Tm Ad 



NowathemmourWw^uUinDUrooIUlfit 
abdbaa^CDBnElBDi.DihAIUIadvRi icadajct. 



ifbtlan.uda&mnAfaadomc. La dice 
AbmpfA 

jHuif as i (jJk [***[•*> 

JfaMtn to <Sw tear 

Wct^i ua o ilfa w fc tflwe Mif l r mw f lr of Aecjr- 
|kiofmaatMM*v«M Aanno«n,«ki(hiD 
awd^whiiWffLlioiti rfitoatefamittln 
mad cypher'd (ML 




O f Lu hhihq LuVI 

^Egrmjnofliao, ayttXtufJidattetnt,^ 
etdttu jahfuaoomt&u JUiiymnm; 
fumjelujaao . Santa Utmmmym.- 
tUahmvm enpamc mcntmm,vtpmwz 
mU,**yvftAari dememnaytuaz 
tij m ,maium.i£n.m. 1 ua cam tffoo. 
ritam mfnesst. acctfiatijaiari Jnaan= 



■uti^t£ttaf S(^u canjunjutiiintj 

«bi ttn&fitn volant. Sautas^fz 
gxms Calumniam, non nltjumt itfmiz 
(tuefetiu. 



vnuhaemfniot. Be. 

Plats No. SI 



Fig. 29. 



Fig. 30. 



In all duty or rather piety towards you I satisfy every body except' 
myself. Myself I never satisfy. For so great are the services which you 
have rendered me, that seeing you did not rest in your endeavours on my 
behalf till the thing was done, I feel as if life had lost all its sweetness, 
because I cannot do as much tn this cause of yours. ' The occasions are , 
these : Ammoruus the King's ambassador openly besieges us with money • 
the business is carried on through the same creditors who were employed 
tn it when vou were here, ire. 



Fig. 31. 

45 CONFIDENTIAL 




REF ID : A62856 



COHriDCNTIA tr 



Introduction to Cryptology — III 

BY WILLIAM F FRIEDMAN 
Confidential 

The third lecture m this series deals with the cryptosystems employed 
by the British Regulars and by the Colonials during the period of the 
American Revolution This is followed by a brief explanation of the 
cryptanalytic nature of the initial breaks m the solution of the ancient 
Egyptian hieroglyphic writing 

Continuing with our survey of cryptologic history, the period of 
the American Revolution, m U S history, is naturally of considerable 
interest to us and warrants more than cursory treatment Informa- 
tion regarding the codes and ciphers employed during that period 
has been rather sparse until quite recently, when a book entitled 
Turncoats, Traitors and Heroes by Col John Bakeless, AUS, was 
published m 1959 by Lippmcott After a good many years of re- 
search Col Bakeless brought together for the first time a considerable 
amount of authentic information on the subject, and some of it is in- 
corporated in this lecture 

Accordmg to Col Bakeless— and believe it or not — in early 1775 
the British commander-in-chief in America, General Gage, had no 
code or cipher at all, nor even a staff officer who knew how to com- 
pile or devise one, he had to appeal to the commanding general m 
Canada, from whom he probably obtained the single substitution 
cipher which was used m 1776 by a British secret agent who— again, 
believe it or not— was General Washington's own director-general of 
hospitals. Dr Benjamin Church General Washington had means 
for secret communication from the very beginning of hostilities, prob- 
ably even before the fighting began at Lexington and Concord If 
the British under General Gage were poorly provided m this respect, 
by the time Sir Henry Clinton took over from General Howe, who 
succeeded Gage, they were much better off— they had adequate or 
apparently adequate means for secret communication 

Are you astonished to learn that the systems used by the American 
colonial forces and by the British regulars were almost identical? 
You shouldn’t be, because the language and backgrounds of both 
were identical In one case, m fact, they used the same dictionary 
as a code book, something which was almost inevitable because there 
were so few English dictionaries available Here’s a list of the sys- 
tems they used 



41 



COHflDCNT I AL 



REF ID:A62856 



CONFIDCNTIA t~ history of cryptology 

a Simple, monoalphabetic substitution — easy to use and to 
change 

b Monoalphabetic substitution with variants, by the use of a long 
key sentence I’ll show you presently an interesting example m 
Benjamin Franklin’s system of correspondence with the elder Dumas 
c The Vigen^re cipher with repeating key 
d Transposition ciphers of simple sorts 

e Dictionaries employed as codebooks, with and without added 
encipherment Two were specially favored, Entick’s New Spelling 
Dictionary, and Bailey’s English Dictionary A couple of pages from 



*78 J A C 

Mm, v a. to make mtb.cholf, to Wplrit 
Hypa.'Uge, f a change t>f cafes, 

Hyperbole,/ an txagga ration, a dimiaonon 
Hy per boi ical, 4. nagfcr«flg or extenuating 
Hyperb&eaa, 4 mm kern (reafm, 

Jj* P cr > Hypercm'io,/ a entte beyond 

Bypcrcra'tcal, a cmic 4 beyond oft-, feme 
W y per meter / what 11 a boro th€ ft* nd.rd 
H>perfa,kcfis, ( a growth of proud fteih 
f ’hen, y ( ) between word* or fyllabtel 
Hipoei'ic, / j mod cine caufiag flrtp 
Hypuclion'dnao,/ one affeQed with mekochnly 
Hypochondnitil, a. melancholy 
Hrpoc'nfy, f Aftimu/atwn, a ptotrnce " 

Hyp'Ovn a,/ a diffVmblrr 10 religion, 6 jfr 

Hypoot^icaJ, 4 d.femMing, infiacere, faffe 
Hypocnt'uaUy, md wiifiw fir cent?, fjffe y 
^p^K r rfic,ai la the lower part of the belly 
Htpua **fi ,/ 4 diftipA faMU-tr, perfbmHry 
Hyp ftat'ual a. conftrtuctve, diftinft, perfona* 
Hypoth«f|.,/ a fyficot upon fujIpofitioB 
Hy,u thet'ical, a. fupeofed, conditional 
Hvo tbet'cj.Jy, stL up*n fmpofitfoa 
Hyrf», Hurd or Herft, / a wood 
Hva'f p,/ a nUnt 
H 1 rie, 4 troubled with ftta 
Hjrtct ic *,j fl fit« of »on>eft 
1. 

I prem myfcff 

• f Jab bar, v a to talk »dly, to chatter 
fib'be er,/ one who talk* unintelligibly 
J scent, 4 lying at length, e* tended 

I acinth, f a geiw, the hyariD'k 
■<k»/ J^hn, an engine, ft A leathern ctnn 
ack'al ,/ a beaft that fiarti the lion*a prey 
ackajrnt, f a Ample ftleepiA fellow 
ack a-iapca, t a monkey, a eoecnmb 
ackboot %tj bo«a taring Jar armor 



J A U 

J .ickMaw ,/ a chattering bird 
' athfti, f a waiftcoat^a Aort coat 
ack 'paddmj, f a merry andrew, a buflbM 
ifiblt,/. a pavtitaa of Jamei If 
aAitltion,/ a inAtog motion rdHeflheft 
acaUtton, / the a A of throwing or darting 
ude, f a bad woman, a worth ft fa horfo 
ait, v a to tire, weary, ride down, fiolt 
adt A, 4 mrtly, ttcmi, aitchidi 
' a ggiW4 to notch,/ itfeadctlaiMt^BCNulli 
' a^e>og, / a cutting ta notchtl 
' ag'py, 4 uneven, notched 
' ail, / a pnfon, a goal 
] »tfer, f the keeper of a pnfca* » 

■kei , a hoofe of ofice, a bogbOoA 
>m, J • confeTve of firth, a chiW\ fiodt 
am, r i id cnnffae hetweer, to wedge in 
■mb,/ the upright poft of a door 
am'bie,/ verfca compoAd ofaloof aadaAMt 
fi liable alternately 

fan'gft, v «. to wrangle, Co be oet of tone 

!| ai>^aary,/ a Turkifc folder, a guard 
*n'ty 4 /howy, fluttering, gay, giddy 
x/oary, t the firft month of tha year 
••pan, f a varnifh to woik Incolove 
•pan e a to black Aoet 

apar/.irr, f a Aoebftck, one who j apart 
ar, v n to dafh, difrgrer, diffe , qvtml 
*r, f diftord, a bat A found, an earthen vriM 
/tgo*g)r, v n to confound, perplen, pervert 
ar'gon, / gibberiA, gabn'e, nolifeoA 
•a'tnme, Je f »mmr,/ a flu wet 
•a’per, t a precioot green ft one 
artlm,/ a fperr or half pUtt 
aui/dice,/ ■ difttmpcr 
aui/Jiced, a affedtrd wfrh the janndlfea 
aoat, v n to walk or travel about 
aunt,/ a ramble, eat sr fan, fifty 

fao lfily. 



Fig. 1. 

the former are shown m Fig 1 To represent a word by code equiva- 
lent you simply indicated the page number, then whether column 1 
or column 2 contained the word you wanted, and then the number of 
the word in the column Thus The word “jacket” would be repre- ( 
sented by 178-2-2 

f. Small, specially-compiled, alphabetic one-part codes of 600-700 



COHriDCHTIA fc- 



REF ID : A62856 



W F FRIEDMAN CONFIDENTIAL 

items and code names — our old friend the syllabary, or repertory, of 
hoary old age, but in new dress In some cases these were of the 
“one-part” or “alphabetic” type 

g Ordinary books, such as Blackstone’s Commentaries on the Laws 
of England, giving the page number, the line number and the letter 
number m the line, to build up, letter-by-letter, the word to be re- 
presented Thus 125-12-17 would indicate the 17th letter m the 
12th line on page 125, it might be the letter T 

h Secret inks Both the British and the Americans made ex- 
tensive use of this method 

i Special designs or geometric figures, such as one I'll show you 
presently 

j Various concealment methods, such as using hollow quills of 
large feathers or hollowing out a bullet and inserting messages writ- 
ten on very thin paper Strictly speaking, however, this sort of 
strategem doesn’t belong to the field of cryptology But it’s a good 
dodge, to be used in special cases 

In the way of ciphers a bit more complex than simple monoalpha- 
betic substitution ciphers, the British under Clinton’s command used 
a system described by Bakeless in the following terms 

“ a substitution cipher m which the alphabet was reversed, V be- 
coming ‘a’ and ‘a’ becoming V To destroy frequency clues, the cipher 
changed in each line of the message, using ‘y’ for ‘a’ in the second line, 

‘x’ for ‘a’ in the third, and so on When the cipher clerk reached ‘o’ 
in the middle of the alphabet, he started over again A spy using this 
cipher did not have to carry incriminating papers, since the system was 
so easy to remember ” 

The alphabets of this scheme are simple reversed standard sequences 
ABCDEFG H IKLMNOPQRSTUWXYZ 

ZYXWUTSRQPONMLKIHGFEDCBA 

YXWUTSRQPONMLKIHGFEDCBAZ 

XWUTSRQPONMLKIHGFEDCBAZY 

ONMLKIGHFEDCBAZYXWUTSRQP 

Bakeless doesn’t explain why the cipher sequences are only 12 m 
number — nor does the source from which he obtained the informa- 
tion, a note found among the Clinton Papers in the Clements Library 
at the University of Michigan. 

Bakeless continues 

“Clinton also used another substitution cipher, with different alpha- 
bets for the first, second and third paragraphs Even if an American 
cryptanalyst should break the cipher in one paragraph, he would have 



43 



CONriDCNT I A tr 



REF ID : A62856 

CONr i DENT I A fc - htstory of cryptology 



to start all over m the next As late as 1781, however. Sir Henry was 
using one extremely clumsy substitution cipher, in which ‘a’ was 51, 

‘d’ was 54, *e\ 55 Finding that ‘a’ was 51 and ‘d’ was 54, anyone 
could guess I correctly) that ‘b’ was 52, ‘c’ 53 Somewhat more com- 
plex was his ‘pigpen’ cipher, in which twenty-five letters of the alpha- 
bet were placed in squares Then an angle alone would represent a 
letter, the same angle with a dot another letter, the same angle with 
two dots still another In some cases, cryptography was used only for 
a few crucial words in an otherwise ‘clear’ message, a method also fa- 
vored by certain American officials ” 

Of the first cipher mentioned in the preceding extract, there is 
much more to be said Perhaps Bakeless was limited by space con- 
siderations In any case,' I will leave that story for another time and 
place As for the second cipher Bakeless mentions m the extract, I 
can give you the whole alphabet, for it exists among the Clinton 
Papers 

ABCDEFGHIKLMNOPQRSTUWXYZ 
51 52 53 54 55 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 



There is no explanation why the sequence beginning with 50 stops 
with E -55 and then, starting with F-60 goes straight on without any 
break to Z-78 (Remember that in those days I and J were used 
interchangeably, as were U and V j 
Finally, as to what Bakeless (and others) call the “pigpen” cipher, 
this is nothing but the hoary old so-called “Masonic” cipher based 
upon the 4-cross figure 




which can accommodate 27 characters, not 25, as Bakeless indicates 
Letters can be inserted in the design in many different arrangements 

I’ve mentioned that code or conventional names were used to re- 
present the names of important persons and places m these American 
colonial and British cryptograms of the Revolution Here are ex- 
amples selected from a list of code names prepared by the famous 
British spy, Major Andr6, chief of intelligence under General Clinton. 

For American Generals — the names of the Apostles, for instance 
General Washington was James 
General Sullivan was Matthew 

Names of Forts 

Fort Wyoming - Sodom 
Fort Pitt - Gomorrha 

Names of Cities 

Philadelphia - Jerusalem 
Detroit - Alexandria 



CONFIDENT! A t: 



44 



REF ID : A62856 

W F. FRIEDMAN CONflDCNTIAL 



Names of Rivers and Bays: 

Susquehanna — Jordan 
Delaware — Red Sea 

Miscellaneous. 

Indians — Pharisees 
Congress — Synagogue 

I’m sure you’ve learned as school children all about the treason- 
able conduct of Benedict Arnold when he was in command of the 
American Forces at West Point; but you probably don’t know that 
practically all his exchanges of communications with Sir Henry 
Clinton, Commander of the British Farces in America, were in cipher, 
or in invisible inks. One of Arnold’s cipher messages, in which he 
offers to give up West Point for 220,000, is shown in Fig. 2; Fig. 2a 



- 1“ -■* -v* 1 

"i - y k 



— ~ "hi * * 




S’ ■KA|r 4/il *1 — 

■* /. j l» •s. <u mf-Hi 

V* Ug/ 



■38a;ias8s aaht» .-:i • 

i : *1 u--x- ~ , 0.MF ' 

:->V3 

-**■>*■*1 ■ i. ’ £" u J 




. , 

^ A ^ ^ / M an , 

Urn - V 

I*./// - * t «A / / 

f ■/-/ ■ -- 

./ - r '-''V 




•r n - , 

*/*—<•*•£*& nr -/ _.jy , ^ 

^ 1 " } 1 



**»/. ‘ . - . 
SSaizr^'' ’> , 

- ■*• r~. - I •'*• 



- ' v 



Fig. 8a. 



Fig. 2b. 



being the secret version, Fig. 2b, the plain text. Arnold left a few 
words en dair, the ones he considered unimportant; for the important 
ones he used a dictionary as a codebook, indicating the page number, 
column number and line number corresponding to the position in the 
dictionary of the plaintext word which the code group represents. 
Arnold added 7 to these numbers, which accounts for the fact that 
the first number in a code group is never less than 8, the central num- 
ber is always either 8 or 9, and the third number is never less than 8 
or more than 36. The significant sentence appears near the middle 
of the message: “If I 198-9-34, 185-8-31 a 197-8-8 ...” yields the 
plain text: If I point out a plan of cooperation by which S. H. (Sir 
Henry Clinton) shall possess himself of West Point, the Garrison, 
etc., etc., etc., twenty thousands pound Sterling I think will be a 
cheap purchase for an object of so much importance.” The signa- 



45 






REF ID : A 62856 



CO N FIDENTIAL history of cryptology 

ture 172-9-19 probably stands for the word “Moor;” Arnold’s code 
name in these communications was “John Moore.” He had also 
another name, “Gustavus.” 

t * **+-9 » — ^ 

+ 4 /n f.t* f 

1 f if A /ir^ *4 
^ ^ ^**4 /<7 f y j . u 

n- f *7 ft* 7 ** \j 

ft* f*%% /f # / *t /fl ^ 






^ »— «■ a y^ju r • 

k'M A A / ^ ^*>* if h, / 
.< 



Fig. 3. 



Figure 3 is a message m which he gave the British information 
which might have led to the capture of his commander-in-chief. 
General Washington Figure 3 at the top shows the code message, 
at the bottom is the plain text Arnold used the same additive as in 
the preceding example. Washington, however, was too smart to be 
ambushed — he went by a route other than the one he said he’d take. 

Sir 

W Howe 
is gone to the 
Cheasapeak bay with 
the greatest part of the 
army I hear he is now 
landed but am not 
certain I am 
left to command 
here with a 
too small force 
to make any effectual 
diversion in your favor 
I shall try something cer 
— At any rate It may be of use 
to you I own to you I think 
S r W’s move just at this time 
the worst he could take 
much joy on your success 



ftZzr 

— _ . 1 , J^rr -j ^ 



• # 4k 

^ ■V-C 4 «4 

y*-* 







t Oyx 



Fig. 4. 

You may find Fig 4 interesting as an example of the special sort 
of mask or grille used by Arnold and by the British in their negotia- 



CONriDENTIA t: 



46 



REF ID:A62856 

w f FRIEDMAN COHf l DCNTI/tt : 





tions with him The real or significant text is written in lines out- 
lined by an hour-glass figure and then dummy words are supplied to 
fill up the lines so that the entire letter apparently makes good 
sense. To read the secret message, you’re supposed to have the 
same size hour-glass figure that was used to conceal the secret mes- 
sage In Fig 4 the left-hand portion shows the “phoney” message 
Masks having small rectangular apertures were also used, the signif- 
icant words being written so that they were disclosed when the mask 
was placed on the written message so as to isolate them from the 
non-significant words The significant text in this example is shown 

m printed form to the right of the orig- 
inal hour-glass design 
Arnold even used the tnck, men- 
tioned above in method j, that was 
quite similar to one used recently by the 
Russian spy, Colonel Abel (Fig. 5) who 
was arrested in New York in June 1957, 
tried and convicted, and is still languish- 
ing m a Federal prison. 

An interesting episode involving con- 
cealment of this sort is recorded by 
Bakeless. An urgent message from Sir 
Henry Clinton, dated 8 October 1777, 
and written on thin silk, was concealed 
in an oval silver ball, about the size of a 
rifle bullet, which was handed to Daniel 
Taylor, a young officer who had been promised promotion if he got 
through alive. The bullet was made of silver, so that the spy could 
swallow it without injury from corrosion Almost as soon as he 
started, Taylor was captured Realizing his peril too late, the spy 
fell into a paroxysm of terror and, crying, “I am lost,” swallowed the 
silver bullet Administration of a strong emetic soon produced the 
bullet with fatal results, for Taylor was executed “A rather heart- 
less American joke went around,” adds Bakeless, “that Taylor had 
been condemned ‘out of his own mouth’.” 




Fig. 5. 



We next see (Fig. 6) one Benedict Arnold message that never was 
deciphered It is often referred to as “Benedict Arnold's Treasonable 
Cow Letter.” Only one example is extant, certain words have purely 
arbitrary meanings, as prearranged The letter was written just 
two weeks before the capture of Major Andr6 



In Fig 7, we see a British cipher message of the vintage 1781 It 
was deciphered before finding the key, always a neat tnck when or if 
you can do it The key — the title page of the then current British 




47 



- GONr i DCHTfAt r 





REF ID:A62856 

HISTORY OK CRYPTOLOGY 









Sj fm ** < CyXV *- ■■ j ***/ 

* ^/ A/ *f‘" l ‘ ~m*. ,iu~AC 

£ *S~~ ~~ ‘"~ > y *- 9L~Jy y/.. / ' 

/*”*'** ^ A^C_// <. «»'.<< 

7 - ''- - / ■* ' — ' tr\S.*~ d • /!" 

■^ ** * »• -J (4ii a ~ ^!|J>«M^ // ' 

4 *• — • 4^. a 4- -• j^£* ^* “— 4 






S— 

**- 



y. if 

<<«4S%4 







Fig. 6. 





REF ID : A62856 



W P FRIEDMAN 



Army List -is shown in Fig 8 The numbers m the cipher text 
obviously refer to line numbers and letter numbers m the line of a 
key text, the first series of numbers, viz., 22 6 7 39 5 9 17, indicating 
line number 22, letter numbers 6 7 39 5 9 17 in that line Because of 
so many repetitions, the plain text was obtained by straightforward 
analysis by an officer recently on duty m NSA, Captam Edward W 
Knepper, USN, to whom I am indebted for this interesting example 
The plain text, once obtamed, gave him clues as to what the key text 
might be, simply by placing the plaintext letters m their numerical- 
equivalent order in the putative key text This done, Captam 
Knepper was quick to realize what the key text was — a British Army 
List The date of the message enabled him to find the list without 
much difficulty m the Library of Congress (Fig 8) 




Bv Piimiiiio** tf i he Ki«*r ItoiuiMHi 

The SctRiTARi at War 



L I A S T 

Ol THL 

GENERAL and 1 ILLD OFFICERS, 

A* they rinL in (he Army, 

•i i iiip 

OITICER5 in tin f-icral REGIMENTS 

O ¥ 

HORSE, DRAGOONS, and FOOT, 

rn» 

BRITI'I! and IR1MI ESTABLISHMENTS 

(la art i K i addrd 
Aw AliHi||Tli«l Nmi) 

TWXiril litiinir a f At r din r aa d Lap rf liming 
A a lua* AiTiitur M Baoiaim 
AM iha MAP • an PILL and HALF PAY 



The Dam of their Co h mi tti oks, uthey rank in each 
eOQP« Md in the 8 R fl# A« 

Th OiHiHii LiiaiiaiiTGaniioai H rf In MAJUTY > 
GibiiiMi m fiMM Hi AWaad wwk iMr Aamaicii 
Alt iWOimliii «■ Km Par A*4 

A SUCCESSION of COLONELS, 

Wiik da Uupnn m Mth Rmhiit Im ifci m Ouii lr 
CiitRiao fer 

MDCCLXXVIU 



Fnaisi far J Hi u*ai *|f«4u lit ITtmU !L 



Fig. 8 

There was an American who seems to have been the Revolution’s 
one-man National Security Agency, for he was the one and only 
cryptologic expert Congress had, and, it is claimed, he managed to 
decipher nearly all, if not all, of the British code messages obtamed 
in one way or another by the Americans Of course, the chief way 
m which enemy messages could be obtained m those days was to 
capture couriers, knock them out or knock them off, and take the 



49 






REF ID : A62856 



CONFIDENTIAL history of cryptology 

messages from them This was very rough stuff, compared to get- 
ting the material by radio intercept, as we do nowadays 

I thmk you’ll be interested to hear a bit more about that one-man 
NSA His name was James Lovell and besides being a self-trained 
cryptologist, he was also a member of the Continental Congress. 
There’s on record a very interesting letter which he wrote to General 
Nathaniel Greene, with a copy to General Washington Here it is 

Philadelphia, Sept 21, 1781 
Sir 

You once sent some papers to Congress which no one about you 
could dec y pher Should such be the Case with some you have lately 
forwarded I presume that the Result of my pains, here sent, will be 
useful to you I took the Papers out of Congress, and I do not think 
it necessary to let it be known here what my success has been in the 
attempt For it appears to me that the Enemy make only such Changes 
in their Cypher, when they meet with misfortune, as makes a differ- 
ence of Position only to the same Alphabet, and therefore if no talk of 
Discovery is made by us here or by your Family, you may be in Chance 
to draw Benefit this Campaign from my last Night’s Watching 
1 am Sir with much respect, 

Your Friend, 

JAMES LOVELL 

Maj Genl Greene 

(With copy to Genl Washington) 

In telling you about Lovell I should add to my account of that 
interesting era in cryptologic history an episode I learned about only 
recently When a certain message of one of the generals in com- 
mand of a rather large force of Colonials came into Clinton’s pos- 
session he sent it off post haste to London for solution Of course, 
Clinton knew it was going to take a lot of time for the message to get 
to London, be solved and returned to America— and he was natu- 
rally a bit impatient He felt he couldn’t afford to wait that long 
Now it happened that in his command there were a couple of officers 
who fancied themselves to be cryptologists and they undertook to 
solve the message, a copy of which had been made before sending the 
original off to London Well, they gave Sir Henry their solution 
and he acted upon it The operation turned out to be a dismal 
failure, because the solution of the would-be-cryptanalysts happened 
to be quite wrong' The record doesn’t say what Clinton did to 
those two unfortunate cryptologists when the correct solution ar- 
rived from London some weeks later By the way, you may be 
interested in learning that the British operated a regularly-established 
cryptanalytic bureau as early as m the year 1630 and it continued 
to operate until the end of July 1844 Then there was no such 
establishment until World War I I wish there were time to tell 



COHriDCNT I A t- 



50 





REF ID:A62856 

w F FRIEDMAN CONFIDENT I A L 

you some of the details of that fascinating and little known bit of 
British history 

There’s also an episode I learned about only very recently, which 
is so amusing I ought to share it with you It seems that a certain 
British secret agent in America was sent a message m plam English, 
giving him mstructions from his superior But the poor fellow was 
illiterate and there wasn’t anythmg to do but call upon the good 
offices of a friend to read it to him He found such a friend, who 
read him his instructions What he didn’t know, however, was that 
the friend who’d helped him was one of General Washington’s secret 
agents r 

The next illustration (Fig 9) is a picture of one of several syl- 



_4 




JM 


w* 




JV 


70 


»44 


U.* 


*vj 


JLOmmJI S m/ 


>\l 


a. 


HI 


A- 




;#»4 4/7 


ui- 


. . *6 




■*» 




rv 


<Uf* 




it/ 


JfOl 


«■*/ i 


uAm*Jk «»4 


Aw4a~ 


•»*»*> 


■** 


A*** 




JruA W ' 


ui 


IM 1 


IWm 






*+t 


fyr 


4/4 


»A UX 

. A'* 




- ^-! 

4 V i 






JJJ 




1 ax' 


441 


a^/«- 


T 


*** 


AM 1 








- 1) 


1U 




40 




»/* 


4-a, *■ 


^ <7/* 








■»»» 


6Sf 




«» 


91 




« >*«■<•<» 440 






DM 




>0* 


fW* 




tfi 


-iC* 


4N 


ki 


*4/ 






•K0 




** » 




its 


M. 




4M0W 
















+yJ 


3 k4 




U0V 


4«4| 








**, 


,U^,c 


X44 


3M»v *■/ 


muter 41/ 






tMM 




J2 




£J* 


■TJX 


te>A> 4ff 












f-* 




17* 


3**0 


/•/ 


MlUt «/ 








AAl 






»a/ 


liar 


i/I 


imjrn 










1H 






JM 


J 


47* 


*-A 


41/ 
















/a 


49/ . 










r*i. 


4 0/ 1 


5T° 




*40 


f«44 4 »♦' 


/./ 


/v • 










Im 


Vac 








Wl 




» 






■>*«■ 


All 




J 


r#», fi*K J4* 


•r- 0 - 


4/7 








~<» 




VI*. 








r* 






a 






rtL 




w» 


/5A 


417 


•M^r. 


4 rn 








>14 








A iff 




r */* 






U- ■ 


Ul 






1 


M.*X K/ 




‘ 


















Fig. 9a. 
















\tu 


f>Hr 




J*r 


«dj> 






U/ 










Uj r 


M/if*. 


«ff J 


IV— 




"a 


l»» 








Un 


*r*- 




14/ 


la- 


Jl> 


9rv»y 


412 




*/' 






*•; 






U#4 


*0w«a. 


/V 




A»4 






***w ""I 






“A **4 




44/ 


ma 


4/4 




Ur 














!9* 


4^44* 


W 




Ui 
















J1 ’ 


/rHl. 


i/l» 


Aar Aih 


U> 




*7-r 






U*/ 






U** 


tuv 


**» 


4 


ll> 


4* 




r 




'44 2 


A-r 




Kv 


Mtwbj 




T*MI«4 1 


l 4*^ 


4Mtom 




a 


4 1 




•w— 




MX# 


*2 


<*r 


4-* 


44/ 




V* 




1 








‘4// 


tf* A/m 


V* 




14/ 


a 


*71 






<44* 


Jv»*v. 




•X r44^ 


/// 




Ul 




3lf 


VA. 










X<y 


*»* 


//* 




> 444 


Hm>I 


If/ 


✓ 






*.4 




** 


<u 


/7| 




1 444 


A* 


JM 




7 


444 




A. 


Mr 


An l 


1M 


> 


‘ Am 


**y 


III 


«u 




44* 






J/4 


j 


! /fr 




444 


(00 








44# 


£ 




*£> 


H r j 


JW 


Mm 


H/ 




Ur 


A** 










r»i 


«fc/> 


*9t 


(U. 


1442 




«« 






«r; 


'•y 






K4. 


S*4 


0** 


1 44# 




iy 






*41 


•j 




/Jr 


nx.4 


«/ 




40* 


V7 


>u 






>/ 




12/ 


A/m/b% 


J>4 


Kk *4. 


44/ 




% 


*■*» 




44* 


-V 




4» 


*. V | 


*V 




U* 




V* 






44# 


M; 




X)J 




40/ 


A** 


4X2 
















04 


- 


/*» 




44V 




'/a 






Wl 


fvaw 




rw 








Ur 








__ 




v-*- 




/■»* 


>*f4—a 1 


/»/ 




l0i* 








*i0 


«l« 




17? 


** 


It/ 


4Cw4 


4« 


0k. 










*- 

i 


ill 




4 4» 
1 4/# 





Fig. 9b. 




51 



REF ID : A62856 

. COHriDUNT I AL history of cryptology 



labaries used by Thomas Jefferson It is constructed on the so-called 
two-part principle, which was explained in the preceding lecture Fig 
9a is a portion of the encoding section, and Fig 9b is a portion of the 
decoding section, m which the code equivalents are m numerical order 
accompanied by their meanings as assigned them m the encoding 
section This sort of system, which, as I’ve already explained, was 
quite popular m Colonial times as in the early days of Italian cryptog- 
raphy, is still in extensive use in some parts of the world 
A few minutes ago I mentioned Benjamin Franklin’s cipher system, 
which, if used today, would be difficult to solve, especially if there 
were only a small amount of traffic m it Let me show you what it was 
Franklin took a rather lengthy passage from some book m French 
and numbered the letters successively These numbers then became 
equivalents for the same letters in a message to be sent Because the 
key passage was in good French, naturally there were many variants 
for the letter E — in fact, there were as many as one would expect in 
normal plain-text French, the same applied to the other high-fre- 
quency letters such as R, N, S, I, etc What this means, of course, 
is that the high-frequency letters m the plain text of any message to 
be enciphered could be represented by many different numbers and 
a solution on the basis of frequency and repetitions would be very 
much hampered by the presence of many variant values for the same 
plaintext letter In Fig 10 you can see this very clearly 




Fig. 10. 



I know of but one case in all our U S history m which a resolution 
of Congress was put out m cryptographic form. It is shown m Fig. 11 
— a resolution of the Revolutionary Congress dated 8 February 1782 
I have m my collection not only a copy of the resolution but also a 
copy of the syllabary by which it can be deciphered 

Interest in cryptology in America seems to have died with the 



COHr i DCMTIA b 



52 



REF ID : A62856 



W. F FRIEDMAN 

“A, A 4 _ J 1 * 

>a!Uj i 

s j 



CO M riDCNTIA t- 









a ~ 4- 4 - * ■_„ 

*2- /- +*\. >*/.; r 
— * — y t — *■ 

>7 <U -- 1 

^ ^ yw- _>£'._ -eiv . *. 

’ ‘* l, “ T^~ ■'*»,— **• ■“ w> < - 

•j—l- ? 

«( - — «< i_ . 

* ^K« — ~ — ««r y, „ _ 

>- .- M»Vi TW.'^—w 

-2- — _ __ — f '* 

.-1 _ o“ •* »- m- 

-* - - 4- <•■ ■«' — — „ 

, .<£.<■.- _>? * 4h "V 

i" - ib< f , 

ii ■ < ^A*** — 

— «<J^kr «r- ^ O - |A — 



W - »• - — i *’< 

ifcf — t- ftkfei _ 






Fltf. 11. 



passing of Jefferson and Franklin, But if interest in cryptology in 
America wasn’t very great, if it existed at all after the Revolution, 
this was not the case in Europe. Books on the subject were written, 
not by professionals, perhaps, but by learned amateurs, and I think 
you will find some of them in the NSA library if you’re interested in 
the history of the science. The not illustration (Fig. 12) is the fron- 
tispiece of a French book the title of which (translated) is “Counter- 
espionage, or keys for all secret communications.” It was published 
in Paris in 1793. In the picture, we see Dr. Cryppy himself, and 
perhaps a breadboard model of a GS-11 research analyst, or maybe 
an early model of a WAC. 

I am now going to tell you something about the early steps in find- 
ing an answer to the age-old mystery presented by Egyptian hiero- 
glyphics, not only because I think that the solution represents the 
next landmark in the history of cryptology, but also because the 
story is of general interest to any aspiring cryptologist. About 1821 
a Frenchman, Champollion, startled the world by beginning to pub- 
lish translations of Egyptian hieroglyphics, although in the budding 
new field of Egyptology much had already transpired and been pub- 
published. In Fig. 13 we see the gentleman and in Fig. 14, a picture 
of the great Napoleonic find that certainly facilitated and perhaps 
made possible the solution of the Egyptian hieroglyphic writing — the 
Rosetta Stone. The Rosetta Stone was found in 1799 at Rashid, or, 



53 



CO N F I DENT I AL 




Fig. 12. 

as the Europeans call it, Rosetta, a town in northern Egypt on the 
west bank of the Rosetta branch of the Nile Rosetta was in the 
vicinity of Napoleon’s operations which ended m disaster When the 
peace treaty was written, Article 16 of it required that the Rosetta 
Stone, the significance of which was quickly understood by both the 
conquered French and victorious British commanders, be shipped to 
London, together with certain other large antiquities The Rosetta 
Stone still occupies a prominent place m the important exhibits at 
the British Museum The Rosetta Stone is a bi-lmgual inscription, 
because it is in Egyptian and also Greek The Egyptian portion 
consists of two parts, the upper one in hieroglyphic form, the lower 



Fig. 13. 




54 





REF ID : A 62856 



w F FRIEDMAN COHrlDENT I A tr 

one m a sort of cursive script, also Egyptian but called “Demotic ” 
It was soon realized that all three texts were supposed to say the 
same thing, of course, and since the Greek could easily be read, it 
served as something called in cryptanalysis a “crib.” Any time you 
are lucky enough to find a crib it saves you hours of work It was by 

means of this ,bi-lingual inscription that the Egyptian hieroglyphic 



; t ,r ,.>v. 









rnSr«p|®; 5 . 

. . ;.vVe£*''^- 

<- ^ InsA, <M 



v-pj.Mi-V(vr ;.i v" " .-r- *11 I-# r-; ■* vv* •!.*: ;*v;-.n u - 

zl- ■ - '* J * * I . . .. .... ■ * 1 t . * 1 I. . . k . ft. . fi . . L . . . . . 1 



i V-O , . 

-Jl. .1 






• _• > A ' ,|I. v- . i.'-y 

j'V . - -f- j.-rir. :«■:} -V. '•/tV 

' ' 7. * 1 *- V. * “A?/ iTllV-.n i ..1.1 Alo . . . - - .Hr o«« l,,.. 1 '.w<li.W.f»wl-,..|Wn > k 

“ ’ , ’^ vr * I •“ . ’7’ * * ’ . .. ...... ,. .t . . ,,w . ... . . I<r- ..1 . _ _ Piwnidw. >«<IM <UI 









^ 33 £ rl 

“^A'vr.A'.-.vV- 



v vr ; v'. ;,?r- 






te 



*1 *»•••■ . ' II* • r'/'IKLM -rl-* 

, »\J ;-.TTJ •*> * *'-7 •' -1 ipT' , -* fl 1 . , ^3, ,* . 
..: i ;:z> vxr. r.ii* : W-. :A ~ 

jA » • n* lArr^* , ■? ^ 



» A.’ J 






V,..T^'a2^! 












' 1 - • *.:r * v 



t.i V * fc ***' 

. , v **\lp^ . *.. • • ,«|*ft t«(***M “»'■• I '•■■■*. •I. 1 ***'-'* 

':y.\ ■ . c.r. 

* ' w"* 

.,.’■ i. '.«••. i "'p rt imi' i • z*:‘ r'L'i'i*-* * > — ■' 



i r s - i “■ *'*■ 

'' " "* * <1 • »**• Mil . 



Fig. 14. 



55 



REF ID : A6285 6 
COHriDCNTIA t- history of cryptology 



writing was finally solved, a feat which represented the successful 
solution to a problem the major part of which was linguistic m char- 
acter The cryptanalytic part of the task was relatively simple 
Nevertheless, I think that anyone who aspires to become a profes- 
sional cryptologist should have some idea as to what that cryptan- 
alytic feat was, a feat which some professor (but not of cryptologic 
science I think it was Professor Norbert Wiener, of the Massachu- 
setts Institute of Technology) said was the greatest cryptanalytic 
feat m history We shall see how wrong the good professor was, be- 
cause I’m gomg to demonstrate just what the feat really amounted 
to by showing you some simple pictures 

Fust, let me remind you that the Greek text served as an excellent 
crib for the solution of both Egyptian texts, the hieroglyphic and the 
Demotic, the latter merely being the conventional abbreviated and 
modified form of the Hieratic character or cursive form of hiero- 
glyphic writing that was m use m the Ptolemaic Period 

The initial step was taken by a Reverend Stephen Weston who 
made a translation of the Greek inscription, which he read m a paper 
delivered before the London Society of Antiquaries, m April 1802 

In 1818 Dr Thomas Young, the physicist who first proposed the 
wave theory of light, compiled for the 4th volume of Encyclopaedia 
Bntannica, published m 1819, the results of his studies on the Ros- 
etta Stone and among them there was a list of several Egyptian 
characters to which, in most cases, he had assigned correct phonetic 
values He was the first to grasp the idea of a phonetic principle in the 
Egyptian hieroglyphs and he was the first to apply it to their decipher- 
ment He also proved something which others had only suspected, 
namely, that the hieroglyphs m ovals or cartouches were royal names 
But Young’s name is not associated in the public mind with the 
decipherment of Egyptian hieroglyphics — that of Champollion is 
very much so Yet much of what Champollion did was based upon 
Young’s work Perhaps the greatest credit should go to Champollion 
for recognizing the major importance of an ancient language known as 
Coptic as a bridge that could lead to the decipherment of the Egyptian 
hieroglyphics As a lad of seven he’d made up his mind that he’d 
solve the hieroglyphic writing and m the early years of the 19th 
Century he began to study Coptic In his studies of the Rosetta 
Stone his knowledge of Coptic, a language the knowledge of which had 
never been lost, enabled him to deduce the phonetic value of many 
syllabic signs, and to assign correct readings to many pictorial char- 
acters, the meanings of which became known to him from the Greek 
text on the Stone 

The following step-by-step account of the solution is taken from 



■ COMriDCNTIA t 



56 



REF ID:A62856 



w f friedman CQNriDEHT l A b 



a little brochure entitled The Rossetta Stone, published by the Trustees 
of the British Museum It was written in 1922 by E A Wallis 
Budge and was revised in 1950 I quote 
“The method by which the greater part of the Egyptian alphabet 
was recovered is this It was assumed correctly that oval ( ) | , 

or “cartouche” as it is called, always contained a royal name There 
is only one cartouche (repeated six times with slight modifications) 
on the Rosetta Stone, and this was assumed to contain the name of 
Ptolemy, because it was certain from the Greek text that the in- 
scription concerned a Ptolemy It was also assumed that if the 
cartouche did contain the name of Ptolemy, the characters in it 
would have the sounds of the Greek letters, and that all together 
they would represent the Greek form of the name of Ptolemy Now 
on the obelisk which a certain Mr Banks had brought from Philae 
there was also an inscription in two languages, Egyptian and Greek 
In the Greek portion of it two royal names are mentioned, that is 
to say, Ptolemy and Cleopatra, and on the second face of the obelisk 
there are two cartouches, which occur close together, and are filled 
with hieroglyphs which, it was assumed, formed the Egyptian equiva- 
lents of these names When these cartouches were compared with 
the cartouche on the Rosetta Stone it was found that one of them 
contained hieroglyphic characters that were almost identical with 
those which filled the cartouche on the Rosetta Stone Thus there 
was good reason to believe that the cartouche on the Rosetta Stone 
contained the name of Ptolemy written m hieroglyphic characters 
The forms of the cartouches are as follows 



On the Rosetta Stone — 

On the Obelisk from Philae — 



c 



□ 






(Smbee 



In the second of these cartouches a smgle sign takes the place of 
three signs at the end of the first cartouche Now it has already 
been said that the name of Cleopatra was found in Greek on the 
Philae Obelisk, and the cartouche which was assumed to contain 
the Egyptian equivalent to this name appears in this form 



G3532M] 



Taking the cartouches which were supposed to contam the names of 
Ptolemy and Cleopatra from the Philae Obelisk, and numbering the 
signs we have 

11.13 O 14 "N 



^ □ o 3^| i 






10 

Q 






Ptolemy, A 
Cleopatra, B 



57 



^ eNf l DCNT I AL 





REF ID : A62856 
COHriDCHT I A - fc - history of cryptology 



Now we see at a glance that No 1mA and No 5 m B are identical, 
and judging only by their position in the names they must represent 
the letter P No 4 in A and No 2 m B are identical, and arguing as 
before from their position, they must represent the letter L As L 
is the second letter in the name of Cleopatra, sign No 1 m B must 
represent K In the cartouche of Cleopatra, we now know the values 
of Signs Nos 1, 2 and 5, so we may write them down thus 

4 fl p a ~k ^ ^ 

In the Greek form of the name of Cleopatra there are two vowels 
between the L and the P, and in the hieroglyphic form there are 
two hieroglyphs, this C) and this , so we may assume that 
the first is E and the other O In some forms of the cartouche of 
Cleopatra, No 7 (the hand) is replaced by a half circle, which is 
identical with No 2 in A and No 10 in B As T follows P m the 
name Ptolemy, and as there is a T m the Greek form of the name of 
Cleopatra, we may assume that the half circle and the hand have 
substantially the same sound, and that that sound is T In the Greek 
form of the name Cleopatra there are two A's, the position of which 
agree with No 6 and No 9, and we may assume that the bird has the 
value of A Substituting these values for the hieroglyphs m B we 
may write it thus 

« lo il 
K L E O P A T <=> A O ^ 

Thomas Young noticed that the two signs o and O always followed 
the name of a goddess, or queen, or princess Other early decipherers 
regarded the two signs as a mere feminine termination The only 
sign for which we have no phonetic equivalent is No 8, the lens, and 
it is obvious that this must represent R Inserting this value in the 
cartouche we have the name Cleopatra deciphered Applying now 
the values which we have learned from the cartouche of Cleopatra 
to the cartouche of Ptolemy, we may write it thus 



c 



P T O L 






101 



P T is 



> 



We now see that the cartouche must be that of Ptolemy, but it is 
also clear that there must be contained in it many other hieroglyphs 
which do not form part of his name Other forms of the cartouche of 
Ptolemy are found, even on the stone, the simplest of them written 
thus 




CO N f l DCNTIAL 



58 







REF ID : A62856 



W 1- FKIEDMAN 



It was therefore evident that these other signs 



10 11,12 
Q O 13 



were royal titles corresponding to those found in the Greek text on 
the Rosetta Stone meaning “ever-living, beloved of Ptah ” Now the 
Greek form of the name Ptolemy, i e Ptolemaios, ends with S We 
may assume therefore that the last signf 1 in the simplest form of the 
cartouche given above has the phonetic value of S The only hier- 
oglyphs now doubtful are £= and (j tj , and their position in the 
name of Ptolemy suggests that their phonetic values must be M and 
some vowel sound in which the I sound predominates These values, 
which were arnved at by guessing and deduction, were applied by 
the early decipherers to other cartouches, e g 












Now, in No 1, we can at once write down the values of all the signs, 
viz , P I L A T R A , which is obviously the Greek name Philotera 
In No 2 we know only some of the hieroglyphs, and we write the 
cartouche thus 



WWVVl X R 



It was known that the running-water sign a/wi/a occurs in the name 
Berenice, and that it represents N, and that this sign — h — is the 
last word of the transcript of the Greek title “Kaisaros,” and there- 
fore represents some S sound Some of the forms of the cartouche of 
Cleopatra begin with and it is clear that its phonetic value 

must be K Inserting these values m the cartouche above we have 



which is clearly meant to represent the name “Alexandros,” or 
Alexander The position of this sign (4 ) ) shows that it represented 
some sound of E or A 

Well, I’ve showed you enough to make fairly clear what the prob- 
lem was and how it was solved As you may already have gathered, 
the cryptanalysis was of a very simple variety 

The grammar? — Well, that’s an entirely different story: There’s 
where the difficult part lay It was very fortunate that the first 
attacks on Egyptian hieroglyphics didn’t have to deal with enci- 
phered writing Yes, the Egyptians also used cryptography; yes, 
there are “cryptographic hieroglyphics’” We’ll get to these later, 
but at this point it may be of interest to many of you to learn some- 
thing about what the Rosetta Stone had to say, as set forth by Dr 
Budge 



59 



COHriDEHTfA t- 






REF ID : A62856 



CONFIDENTIAL history of cryptology 




Fig. 15- A. 



- COHriDCNTIA f 



60 








REF ID : A62856 

W F FRIEDMAN “CONFIDENTIAL- 







REF ID:A62856 
- COHriDENT I AL - history of cryptology 

“The opening lines are hllod with a list of the titles of Ptolemy V, 
and a series ol epithets which proclaim the king's piety towards the 
gods, and his love for the Egyptians and his country In the second 
section of the inscription the priests enumerate the benefits which he 
had conferred upon Egypt., and which may be thus summarized 

1 Gifts of money and corn to the temples 

2 Gifts of endowments to temples 

3 Remission of taxes due to the Crown 

4 Forgiveness of debts owed by the people to the Crown 

7 Reduction of fees payable by candidates for the priesthood 

8 Reduction of the dues payable by the temples to the Crown 

13 Forgiveness of the debts owed by the priests to the Crown 

14 Reduction of the tax on byssus fa kind of flax or cotton fibre) 

15 Reduction of the tax on corn lands 

Could it be that installment-plan buying was rampant in Ancient 
Egypt too, so that people didn’t have enough left to pay their 
taxes 9 

Now, let’s go back to those cryptographic hieroglyphics mentioned 
a moment ago Here, m Fig 15-A for instance, is a picture of an 
inscription on a stela now m the Louvre, in Pans Lines 6-10, 
inclusive, below the seated figures under the arch, contain secret 
writing in hieroglyphics, in Fig 15-B, these lines are seen enlarged I 
won’t attempt to explain the nature of the cryptography involved 
It’s pretty simple— something hke the sort of cryptography involved in 
our own type of rebuses, and in our modern acronymic abbrevia- 
tions, such as CARE, which stands for Cooperative (for) American 
Relief Everywhere, or NASA, for the National Aeronautics (and) 
Space Administration Just to show you a bit of the cryptography 
that Dnoton presents, without undertaking to explain what is in- 
volved, in Fig 15-C can be seen in sequence 34 hieroglyphic char- 
acters which are in lines 1, 2 and part of 3, of Fig 15-B (the 6th, 
7th, and part of the 8th lines of Fig 15-A) 

__ The following extracts, translated from a long article by Prof. 
Etienne Dnoton m “Revue D’Egyptologie,” Pans, 1933, will be of 
interest' 

(P 1) “From the time of the Middle Empire onwards, Egypt 
had, alongside the official and normal system of wntmg, a tradi- 
tion of cryptographic wntmg, the oldest known examples of which 
are to be found in the tombs of Beni-Hassan, and the most recent 
in the inscriptions of the temples of the Greco-Roman epoch 

******* 

(P 32) It is necessary to add to the enumeration of the crypto- 
graphic procedures the variation in the appearance of the crypto- 
graphic signs themselves This vanation, without however 



CO N r i DC N T IAfc: 



62 



REF ID:A62856 

w F FRIEDMAN CONFIDENTIAL 



affecting their value, can (1) modify the appearance of the signs, 
(2) affect their position in various ways, and (3) combine these 
signs with others Finally, to note a last peculiarity of 

these inscriptions which, because of their fine form, deserve to be 
considered the classics of the cryptography of this period, the 
scribe has several times successfully carried out in them what was 
doubtless considered to be the triumph of the genre the grouping 
of signs which offer a possible but fallacious meaning in clear, 
alongside a cryptographic meaning which is the only true one ” 

******* 

And now for the most intriguing explanation offered by Dnoton 
as to why cryptography was incorporated m these inscriptions You 
know quite well why cryptography is employed m military, diploma- 
tic, banking, and industrial affairs, you also know perhaps that it is 
used for other purposes, in love affairs, for example, and in illicit 
enterprises of all sorts, and you probably also know that it is often 
used for purposes of amusement and diversion, in tales of mystery, 
in the sorts of things published in newspapers and literary journals — 
they are called “crypts” But none of these explanations will do for 
the employment of cryptography m Egyptian hieroglyphics Here’s 
what Dnoton thinks 

(P 50) “There remains, therefore, the supposition that, far 
from seeking to prevent reading, the cryptography in certain pas- 
sages of these inscriptions was intended to encourage their reading 
The appeals which often introduce formulae of this type, and 
which are addressed to all visitors to the tombs, show m fact how 
much the Egyptians desired to have them read, but also, by the 
very fact of their existence, what an obstacle they encountered in 
the indifference, not to say satiety, produced by the repetition 
and the monotony of these formulae To attempt to overcome 
this indifference by offering a text whose appearance would pique 
curiosity, based on the love, traditional m Egypt, for puzzles, to 
get people to decipher, with great difficulty, what was desired they 
should read, such is perhaps, m last analysis, the reason why the 
three monuments of the period of Amenophis III here considered 
present certain passages in cryptography 

One must suppose, in this case, that the goal was not attained 
and that it was very quickly seen that the expedient produced, on 
the apathy of the visitors, an effect opposite to that intended it 
removed even the slightest desire to read the inscriptions presented 
in this form The new procedure was therefore, — the monu- 
ments seem to prove it — , abandoned as soon as it had been tried.” 

* * * * * * * 



63 



CONFIDENTIAL 



REF ID:A62856 
■CONFIDENTIAt history of cryptology 



Before leaving the story of Champolhon’s mastery of Egyptian 
hieroglyphic writmg, I think I should re-enact for you as best I can 
in words what he did when he felt he’d really reached the solution 
to the mystery I’ll preface it by recalling to you what Archimedes is 
alleged to have done when he solved a problem he’d been struggling 
with for some time Archimedes was enjoying the pleasures of his 
bath and was just stepping out of the pool when the solution of the 
problem came to him like a flash He was so overjoyed that he ran, 
naked, through the streets shouting “Eureka' I’ve found it, I’ve 
found it ” Well, likewise, when young Champollion one day had 
concluded he’d solved the mystery of the Egyptian hieroglyphics, 
he set out on a quick mile-run to the building where his lawyer brother 
worked, stumbled into his brother’s office, shouting “Eugene, I did 
it'”, and flopped down to the floor in a trance where he is said to 
have remained immobile and completely out for five days “Cham- 
polhon died on 4 March 1832, leaving behind the manuscript of an 
Egyptian Grammar and of a Hieroglyphic Dictionary which, except 
for some errors of details inevitable in a gigantic work of decipher- 
ment and easily correctable, form the basis of the entire science of 
Egyptology ” — Drioton, “ Decipherment of Egyptian Hieroglyphics ”, 
La Science Moderne, August 1924, pp 423-432 

I shouldn’t leave this brief story of the cryptanalytic phases of the 
solution of the Egyptian hieroglyphic writing without telling you 
that there remain plenty of other sorts of writings which some of you 
may want to try your hand at deciphering when you’ve learned some 
of the principles and procedures of the science of cryptology A list 
of thus-far undeciphered writings was drawn up for me by Pro- 
fessor Alan C Ross, of London University, in 1945, and had 19 of 
them Since 1945 only two have been deciphered, Mmoan Lmear 
A and Linear B writing The Easter Island writing is said to have 
very recently been solved, but I’m not sure of that There are some, 
maybe just a very few, who think the hieroglyphic writing of the 
ancient Maya Indians of Central America may fall soon, but don’t 
be too sanguine about that either 

Should any of you be persuaded to tackle any of the still unde- 
ciphered writings in the list drawn up by Professor Ross, be sure you 
have an authentic case of an undeciphered language before you. 
Figure 16 .is one that was written on a parchment known as the Mich- 
igan Papyrus. It had baffled certain savants who had a knowledge 
of Egyptology and attempted to read it on the theory that it was 
some sort of variation — a much later modification — of Egyptian 
hieroglyphic writing These old chaps gave it up as a bad job 
Not too many years ago, it came to the attention of a young man who 
knew very little about Egyptian hieroglyphics He saw it only as a 



CONFIDENTIAL 



64 



I 




Fig. 16. 



simple substitution cipher on some old language He tackled the 
Michigan Papyrus on that basis and solved it He found the language 
to be early Greek And what was the purport of the writing 9 Well, 
it was a wonderful old Greek beautician’s secret formula for further 
beautifying lovely Greek young women — maybe the bathing beauties 
of those days, among whom possibly were “Miss Greece of 500 B C ” 
and “Miss Universe” of those days' 

The next period of importance m this brief account of the history 
of cryptology is the one which deals with the codes and ciphers used 
by the contestants m our Civil War, the period 1861-65 It is sig- 
nificant and important because, for the first time in history, rapid 
and secure communications on a large scale became practicable in 
the conduct of organized warfare and world-wide diplomacy They 
became practicable when cryptology and telegraphy were joined in 
happy, sometimes contentious, but long-lasting wedlock 

There is one person I should mention, however, before coming to 
the period of the Civil War in U S history I refer here to Edgar 
Allan Poe, who in 1842 or thereabouts, kindled an interest in cryptog- 





REF ID:A62856 

HISTORY OF CRYPTOLOGY 



/ 

/ 




raphy in newspapers and journals of the period, both at home and 
abroad For his day he was certainly the best informed person in 
this country on cryptologic matters outside of the regular employees 
of Government departments interested m the subject 

In regard to Poe. one of our early columnists, there’s an incident 
I’d like to tell you about in connection with a challenge he printed m 
one of his columns, in which he offered to solve any cipher submitted 
by his readers He placed some limitations on his challenge, which 
amounted to this — that the challenge messages should involve but 
a single alphabet In a later article Poe tells about the numerous 
challenge messages sent him and says “Out of perhaps 100 ciphers 
altogether received, there was only one which we did not immediately 
succeed in resolving This one we demonstrated to be an imposition — 
that is to say, we fully proved it a j'argon of random characters, 
having no meaning whatever ” I wish that cipher had been preserved 
for posterity, because it would be interesting to see what there was 
about it that warranted Poe to state that “we fully proved it a jargon 
of random characters ” Maybe I’m not warranted in saying of this 
episode that Poe reminds me of a ditty sung by a character in a play 
put on by some undergraduates of one of the colleges of Cambridge 
University, in England At a certain point m the play, this character 
steps to the front of the stage and sings 

“I am the Master of the College, 

What I don’t know ain’t knowledge ” 

Thus, Poe What he couldn’t solve, he assumed wasn’t a real cipher- — 
a very easy out for any cryptologist up against something tough 

If any of you are interested sufficiently to wish to learn something 
about Poe’s contributions to cryptology, I refer you to a very fine 
article by Professor W K Wimsatt, Jr , entitled “What Poe Knew 
About Cryptography”, Publications of the Modem Language As- 
sociation of America, New York, Vol LVIII, No 3, September 1943, 
pp 754-79 In it you’ll find references to what I have published on the 
same subject 

This completes the third lecture m this series In the next one we 
shall come to that interesting period in cryptologic history in which 
codes and ciphers were used in this country in the War of the Re- 
bellion, the War Between the States, the Civil War —you use your 
own pet designation for that terrible and costly struggle 






66 



